diff --git a/.vscode/launch.json b/.vscode/launch.json
index 47e07df0..4193ec70 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -4,7 +4,16 @@
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
"version": "0.2.0",
"configurations": [
-
+ {
+ "showGlobalVariables": true,
+ "name": "Debug: validate",
+ "type": "go",
+ "request": "launch",
+ "mode": "debug",
+ "program": "main.go", // "program": "${file}",
+ "args": ["validate", "-i", "examples/cyclonedx/SBOM/protonmail-webclient-v4-0912dff/bom.json"],
+ "dlvFlags": ["--check-go-version=false"]
+ },
{
"showGlobalVariables": true,
"name": "Debug: query: SELECT * FROM metadata.component",
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 6d6b8b25..e29b82df 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -78,6 +78,7 @@
"MLBOM",
"multimap",
"myservices",
+ "NATS",
"NOASSERTION",
"nolint",
"nosec",
@@ -99,6 +100,7 @@
"PROPKEY",
"protonmail",
"repackager",
+ "rvoi",
"rwxr",
"SAAS",
"SAASBOM",
diff --git a/README.md b/README.md
index 47f75d19..853eb756 100644
--- a/README.md
+++ b/README.md
@@ -941,6 +941,14 @@ A comma-separated list of JSON map keys. Similar to the [query command's `--sele
A comma-separated list of JSON document paths using the same syntax as the [query command's `--from` flag](#query---from-flag).
+##### Trim `--normalize` flag
+
+A flag that normalizes the BOM data after trimming and prior to output.
+
+This flag has custom code that sorts all components, services, licenses, vulnerabilities, properties, external references, hashes and *most* other BOM data using custom comparators.
+
+Each comparator uses `required` fields and other identifying fields to create *"composite keys"* for each unique data structure.
+
#### Trim examples
The original BOM used for these examples can be found here:
@@ -1133,6 +1141,180 @@ Output BOM results with `properties` removed from all `components`:
---
+##### Example: Trim `bom-ref` and normalize output
+
+```bash
+./sbom-utility trim -i test/trim/trim-cdx-1-5-sample-components-normalize.sbom.json --keys="bom-ref" --normalize -q
+```
+
+**Note** If you do not want to remove any keys and simply normalize output, set keys to an empty string: `--keys=""`.
+
+Use the trim command to remove all `bom-ref` fields and normalize output:
+
+```json
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sample@2.0.0",
+ "purl": "pkg:npm/sample@2.0.0",
+ "name": "sample",
+ "version": "2.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "properties": [
+ {
+ "name": "moo",
+ "value": "cow"
+ },
+ {
+ "name": "foo",
+ "value": "bar"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/body-parser@1.19.0",
+ "purl": "pkg:npm/body-parser@1.19.0",
+ "name": "body-parser",
+ "version": "1.19.0",
+ "hashes": [
+ {
+ "alg": "SHA-256",
+ "content": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+ },
+ {
+ "alg": "SHA-1",
+ "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://example.com/website"
+ },
+ {
+ "type": "support",
+ "url": "https://example.com/support"
+ }
+ ]
+ }
+ ]
+}
+```
+
+Trimmed, normalized output:
+
+```json
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "components": [
+ {
+ "type": "library",
+ "name": "body-parser",
+ "version": "1.19.0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "96b2709e57c9c4e09a6fd66a8fd979844f69f08a"
+ },
+ {
+ "alg": "SHA-256",
+ "content": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/body-parser@1.19.0",
+ "externalReferences": [
+ {
+ "type": "support",
+ "url": "https://example.com/support"
+ },
+ {
+ "type": "website",
+ "url": "https://example.com/website"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "sample",
+ "version": "2.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sample@2.0.0",
+ "properties": [
+ {
+ "name": "foo",
+ "value": "bar"
+ },
+ {
+ "name": "moo",
+ "value": "cow"
+ }
+ ]
+ }
+ ]
+}
+```
+
### Validate
This command will parse standardized SBOMs and validate it against its declared format and version (e.g., SPDX 2.2, CycloneDX 1.4). Custom variants of standard JSON schemas can be used for validation by supplying the `--variant` name as a flag. Explicit JSON schemas can be specified using the `--force` flag.
diff --git a/acdx.json b/acdx.json
deleted file mode 100644
index 8d5d54ae..00000000
--- a/acdx.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "version": 1,
- "bomFormat": "CycloneDX",
- "specVersion": "1.4",
- "components": [
- {
- "name": "@ace/otc-components-react-3.0.11.tgz",
- "version": "3.0.11",
- "licenses": [
- {
- "license": {
- "id": "Requires Review"
- }
- }
- ]
- },
- {
- "name": "@ace/otc-components-react-3.0.14.tgz",
- "version": "3.0.14",
- "licenses": [
- {
- "license": {
- "id": "Requires Review"
- }
- }
- ]
- }
- ]
-}
diff --git a/cmd/diff.go b/cmd/diff.go
index b460eda2..116f3622 100644
--- a/cmd/diff.go
+++ b/cmd/diff.go
@@ -151,8 +151,10 @@ func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandF
// #nosec G304 (suppress warning)
bBaseData, errReadBase := os.ReadFile(inputFilename)
if errReadBase != nil {
- getLogger().Debugf("%v", bBaseData[:255])
- err = getLogger().Errorf("Failed to ReadFile '%s': %s", inputFilename, err.Error())
+ if len(bBaseData) > 255 {
+ getLogger().Debugf("%v", bBaseData[:255])
+ }
+ err = getLogger().Errorf("Failed to ReadFile '%s': %s", inputFilename, errReadBase.Error())
return
}
@@ -160,8 +162,10 @@ func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandF
// #nosec G304 (suppress warning)
bRevisedData, errReadDelta := os.ReadFile(revisedFilename)
if errReadDelta != nil {
- getLogger().Debugf("%v", bRevisedData[:255])
- err = getLogger().Errorf("Failed to ReadFile '%s': %s", inputFilename, err.Error())
+ if len(bRevisedData) > 255 {
+ getLogger().Debugf("%v", bRevisedData[:255])
+ }
+ err = getLogger().Errorf("Failed to ReadFile '%s': %s", revisedFilename, errReadDelta.Error())
return
}
@@ -201,6 +205,7 @@ func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandF
getLogger().Warningf("Diff output format not supported for `%s` format.", format)
}
+ // Output complete diff in either supported format
fmt.Fprintf(output, "%s\n", diffString)
} else {
@@ -214,7 +219,7 @@ func Diff(persistentFlags utils.PersistentCommandFlags, flags utils.DiffCommandF
func compareBinaryData(bBaseData []byte, bRevisedData []byte) (diffResults diff.Diff, err error) {
defer func() {
if recoveredPanic := recover(); recoveredPanic != nil {
- fmt.Println("panic occurred:", recoveredPanic)
+ getLogger().Infof("ADVICE: Use the Trim command before Diff to remove highly variable data, such as: \"bom-ref\", \"hashes\" and \"properties\".")
err = getLogger().Errorf("panic occurred: %v", recoveredPanic)
return
}
diff --git a/cmd/diff_test.go b/cmd/diff_test.go
index f4cceb68..9e4e166f 100644
--- a/cmd/diff_test.go
+++ b/cmd/diff_test.go
@@ -26,154 +26,93 @@ import (
)
const (
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_DELTA = "test/diff/cdx-1-4-mature-example-1-delta.json"
- TEST_ARRAY_ORDER_CHANGE_BASE = "test/diff/json-array-order-change-base.json"
- TEST_ARRAY_ORDER_CHANGE_DELTA = "test/diff/json-array-order-change-delta.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_BASE = "test/diff/json-array-order-change-base.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_DELTA = "test/diff/json-array-order-change-delta.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_DELETE_BASE = "test/diff/json-array-order-change-with-delete-base.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_DELETE_DELTA = "test/diff/json-array-order-change-with-delete-delta.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_DELETE_BASE = "test/diff/json-array-order-change-with-delete-base.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_DELETE_DELTA = "test/diff/json-array-order-change-with-delete-delta.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_BASE = "test/diff/json-array-order-change-with-add-base.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_DELTA = "test/diff/json-array-order-change-with-add-delta.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_BASE = "test/diff/json-array-order-change-with-add-base.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_DELTA = "test/diff/json-array-order-change-with-add-delta.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_BASE = "test/diff/json-array-order-change-with-add-and-delete-base.json"
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_DELTA = "test/diff/json-array-order-change-with-add-and-delete-delta.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_BASE = "test/diff/json-array-order-change-with-add-and-delete-base.json"
+ TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_DELTA = "test/diff/json-array-order-change-with-add-and-delete-delta.json"
- TEST_ARRAY_ORDER_2_CHANGES_BASE = "test/diff/json-array-order-2-changes-base.json"
- TEST_ARRAY_ORDER_2_CHANGES_DELTA = "test/diff/json-array-order-2-changes-delta.json"
+ TEST_DIFF_ARRAY_ORDER_2_CHANGES_BASE = "test/diff/json-array-order-2-changes-base.json"
+ TEST_DIFF_ARRAY_ORDER_2_CHANGES_DELTA = "test/diff/json-array-order-2-changes-delta.json"
)
+// Test CycloneDX BOM deltas
+const (
+ TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA = "test/diff/cdx-1-4-mature-example-1-delta.json"
+ TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_2_DELTA = "test/diff/cdx-1-4-mature-example-2-delta.json"
+
+ TEST_DIFF_CDX_1_5_VULNERABILITY_BASE = "test/diff/vulnerability/cdx-1-5-vulnerabilities-base.bom.json"
+ TEST_DIFF_CDX_1_5_VULNERABILITY_ADD_1 = "test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-add-1.bom.json"
+ TEST_DIFF_CDX_1_5_VULNERABILITY_REMOVE_1 = "test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-remove-1.bom.json"
+)
+
+// Non-standard test files
+const (
+ TEST_DIFF_PANIC_BASE = "test/diff/panic/nats1.json"
+ TEST_DIFF_PANIC_DELTA = "test/diff/panic/nats2.json"
+)
+
+type DiffTestInfo struct {
+ CommonTestInfo
+ RevisedFilename string
+ Colorize bool
+}
+
+func (ti *DiffTestInfo) String() string {
+ buffer, _ := utils.EncodeAnyToDefaultIndentedJSONStr(ti)
+ return buffer.String()
+}
+
+func NewDiffTestInfo(inputFile string, revisedFilename string) *DiffTestInfo {
+ var ti = new(DiffTestInfo)
+ ti.RevisedFilename = revisedFilename
+ var pCommon = &ti.CommonTestInfo
+ // Note: Diff is by default "txt" format
+ pCommon.InitBasic(inputFile, FORMAT_TEXT, nil)
+ return ti
+}
+
// Tests basic validation and expected errors
-func innerDiffError(t *testing.T, baseFilename string, revisedFilename string, format string, expectedError error) (actualError error) {
+func innerDiffTest(t *testing.T, testInfo *DiffTestInfo) (actualError error) {
getLogger().Enter()
defer getLogger().Exit()
- // Copy the test filename to the command line flags where the code looks for it
- utils.GlobalFlags.PersistentFlags.OutputFormat = format
- utils.GlobalFlags.PersistentFlags.InputFile = baseFilename
- utils.GlobalFlags.DiffFlags.RevisedFile = revisedFilename
- utils.GlobalFlags.DiffFlags.Colorize = true
-
- actualError = Diff(utils.GlobalFlags.PersistentFlags, utils.GlobalFlags.DiffFlags)
+ // Copy test parameters to persistent and command-specific flags
+ utils.GlobalFlags.PersistentFlags.OutputFile = testInfo.OutputFile
+ utils.GlobalFlags.PersistentFlags.OutputFormat = testInfo.OutputFormat
+ utils.GlobalFlags.PersistentFlags.InputFile = testInfo.InputFile
+ utils.GlobalFlags.DiffFlags.RevisedFile = testInfo.RevisedFilename
+ utils.GlobalFlags.DiffFlags.Colorize = testInfo.Colorize
getLogger().Tracef("baseFilename: `%s`, revisedFilename=`%s`, actualError=`%T`",
utils.GlobalFlags.PersistentFlags.InputFile,
utils.GlobalFlags.DiffFlags.RevisedFile,
actualError)
+ actualError = Diff(utils.GlobalFlags.PersistentFlags, utils.GlobalFlags.DiffFlags)
+
// Always compare actual against expected error (even if it is `nil`)
- if !ErrorTypesMatch(actualError, expectedError) {
+ if !ErrorTypesMatch(actualError, testInfo.ResultExpectedError) {
switch t := actualError.(type) {
default:
fmt.Printf("unhandled error type: `%v`\n", t)
fmt.Printf(">> value: `%v`\n", t)
getLogger().Error(actualError)
}
- t.Errorf("expected error type: `%T`, actual type: `%T`", expectedError, actualError)
+ t.Errorf("expected error type: `%T`, actual type: `%T`", testInfo.ResultExpectedError, actualError)
}
return
}
-func TestDiffCdx14MatureDeltaDefault(t *testing.T) {
- err := innerDiffError(t,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_DELTA,
- FORMAT_DEFAULT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffCdx14MatureDeltaText(t *testing.T) {
- err := innerDiffError(t,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_DELTA,
- FORMAT_TEXT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffCdx14MatureDeltaJson(t *testing.T) {
- err := innerDiffError(t,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE,
- TEST_CDX_1_4_MATURITY_EXAMPLE_1_DELTA,
- FORMAT_JSON,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove2ObjectsFormatJson(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_2_CHANGES_BASE,
- TEST_ARRAY_ORDER_2_CHANGES_DELTA,
- FORMAT_JSON,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove1ObjectFormatJson(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_CHANGE_BASE,
- TEST_ARRAY_ORDER_CHANGE_DELTA,
- FORMAT_JSON,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove1ObjectFormatText(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_CHANGE_BASE,
- TEST_ARRAY_ORDER_CHANGE_DELTA,
- FORMAT_TEXT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove1ObjectWithDeleteFormatText(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_CHANGE_WITH_DELETE_BASE,
- TEST_ARRAY_ORDER_CHANGE_WITH_DELETE_DELTA,
- FORMAT_TEXT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove1ObjectWithAddFormatText(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_BASE,
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_DELTA,
- FORMAT_TEXT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
-func TestDiffJsonArrayOrderMove1ObjectWithAddAndDeleteFormatText(t *testing.T) {
- err := innerDiffError(t,
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_BASE,
- TEST_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_DELTA,
- FORMAT_TEXT,
- nil)
- if err != nil {
- t.Error(err)
- }
-}
-
+// TODO: support testing if "deltas" expressed in JSON diff records
+// match expected output records.
// func debugDeltas(deltas []diff.Delta, indent string) (err error) {
// for _, delta := range deltas {
// //fmt.Printf("delta: %v\n", delta)
@@ -223,3 +162,119 @@ func TestDiffJsonArrayOrderMove1ObjectWithAddAndDeleteFormatText(t *testing.T) {
// func Colorize(color string, text string) (colorizedText string) {
// return color + text + Reset
// }
+
+func TestDiffJsonArrayOrderMove2ObjectsFormatJson(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_2_CHANGES_BASE, TEST_DIFF_ARRAY_ORDER_2_CHANGES_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_2_CHANGES_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonArrayOrderMove1ObjectFormatJson(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_CHANGE_BASE, TEST_DIFF_ARRAY_ORDER_CHANGE_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_CHANGE_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonArrayOrderMove1ObjectFormatText(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_CHANGE_BASE, TEST_DIFF_ARRAY_ORDER_CHANGE_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_CHANGE_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonArrayOrderMove1ObjectWithDeleteFormatText(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_DELETE_BASE, TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_DELETE_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_DELETE_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonArrayOrderMove1ObjectWithAddFormatText(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_BASE, TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonArrayOrderMove1ObjectWithAddAndDeleteFormatText(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_BASE, TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_ARRAY_ORDER_CHANGE_WITH_ADD_AND_DELETE_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+// =====================================================
+// CycloneDX BOM variant tests
+// =====================================================
+
+func TestDiffCdx14MatureDelta1Text(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE, TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffCdx14MatureDelta1Json(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE, TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_1_DELTA)
+ ti.OutputFormat = FORMAT_JSON
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffCdx14MatureDelta2(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_CDX_1_4_MATURITY_EXAMPLE_1_BASE, TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_2_DELTA)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_CDX_1_4_MATURITY_EXAMPLE_2_DELTA)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonVulnerabilitiesAdd1(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_CDX_1_5_VULNERABILITY_BASE, TEST_DIFF_CDX_1_5_VULNERABILITY_ADD_1)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_CDX_1_5_VULNERABILITY_ADD_1)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+func TestDiffJsonVulnerabilitiesRemove1(t *testing.T) {
+ ti := NewDiffTestInfo(TEST_DIFF_CDX_1_5_VULNERABILITY_BASE, TEST_DIFF_CDX_1_5_VULNERABILITY_REMOVE_1)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_CDX_1_5_VULNERABILITY_REMOVE_1)
+ err := innerDiffTest(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
+
+// NOTE: In order to debug panic handling... here is a test
+// Unfortunately, we cannot run it as part of function test as it "times out"
+// TODO: Create smaller test files that cause panic in Diff command's underlying libs.
+// func TestDiffJsonPanicNATs(t *testing.T) {
+// ti := NewDiffTestInfo(TEST_DIFF_PANIC_BASE, TEST_DIFF_PANIC_DELTA)
+// ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_DIFF_PANIC_DELTA)
+// err := innerDiffTest(t, ti)
+// if err != nil {
+// t.Error(err)
+// }
+// }
diff --git a/cmd/document.go b/cmd/document.go
index 01de33cc..1f25448b 100644
--- a/cmd/document.go
+++ b/cmd/document.go
@@ -63,3 +63,38 @@ func LoadInputBOMFileAndDetectSchema() (document *schema.BOM, err error) {
getLogger().Infof("Matching BOM schema (for validation): %s", document.SchemaInfo.File)
return
}
+
+func LoadBOMFile(inputFile string) (document *schema.BOM, err error) {
+ getLogger().Enter()
+ defer getLogger().Exit()
+
+ if inputFile == "" {
+ return nil, fmt.Errorf("invalid input file (-%s): `%s` ", FLAG_FILENAME_INPUT_SHORT, inputFile)
+ }
+
+ // Construct a BOM document object around the input file
+ document = schema.NewBOM(inputFile)
+
+ // Load the raw, candidate BOM (file) as JSON data
+ getLogger().Infof("Attempting to load and unmarshal data from: `%s`...", document.GetFilenameInterpolated())
+ err = document.UnmarshalBOMAsJSONMap() // i.e., utils.Flags.InputFile
+ if err != nil {
+ return
+ }
+ getLogger().Infof("Successfully unmarshalled data from: `%s`", document.GetFilenameInterpolated())
+
+ // Search the document keys/values for known BOM formats and schema in the config. file
+ getLogger().Infof("Determining file's BOM format and version...")
+ err = SupportedFormatConfig.FindFormatAndSchema(document)
+ if err != nil {
+ return
+ }
+
+ // Display detected format, version with (optional) schema variant (i.e., if requested on command line)
+ getLogger().Infof("Determined BOM format, version (variant): `%s`, `%s` %s",
+ document.FormatInfo.CanonicalName,
+ document.SchemaInfo.Version,
+ schema.FormatSchemaVariant(document.SchemaInfo.Variant))
+ getLogger().Infof("Matching BOM schema (for validation): %s", document.SchemaInfo.File)
+ return
+}
diff --git a/cmd/license.go b/cmd/license.go
index a817e054..ec949974 100644
--- a/cmd/license.go
+++ b/cmd/license.go
@@ -263,7 +263,7 @@ func hashComponentLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyCon
if cdxComponent.BOMRef != nil {
licenseInfo.BOMRef = *cdxComponent.BOMRef
}
- _, err = bom.HashLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters)
+ _, err = bom.HashmapLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters)
getLogger().Warningf("%s: %s (name:`%s`, version: `%s`, package-url: `%s`)",
"No license found for component. bomRef",
@@ -322,7 +322,7 @@ func hashServiceLicense(bom *schema.BOM, policyConfig *schema.LicensePolicyConfi
if cdxService.BOMRef != nil {
licenseInfo.BOMRef = *cdxService.BOMRef
}
- _, err = bom.HashLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters)
+ _, err = bom.HashmapLicenseInfo(policyConfig, LICENSE_NO_ASSERTION, licenseInfo, whereFilters)
getLogger().Warningf("%s: %s (name: `%s`, version: `%s`)",
"No license found for service. bomRef",
@@ -362,13 +362,13 @@ func hashLicenseInfoByLicenseType(bom *schema.BOM, policyConfig *schema.LicenseP
if pLicense != nil && pLicense.Id != "" {
licenseInfo.LicenseChoiceTypeValue = schema.LC_TYPE_ID
- _, err = bom.HashLicenseInfo(policyConfig, pLicense.Id, licenseInfo, whereFilters)
+ _, err = bom.HashmapLicenseInfo(policyConfig, pLicense.Id, licenseInfo, whereFilters)
} else if pLicense != nil && pLicense.Name != "" {
licenseInfo.LicenseChoiceTypeValue = schema.LC_TYPE_NAME
- _, err = bom.HashLicenseInfo(policyConfig, pLicense.Name, licenseInfo, whereFilters)
+ _, err = bom.HashmapLicenseInfo(policyConfig, pLicense.Name, licenseInfo, whereFilters)
} else if licenseChoice.Expression != "" {
licenseInfo.LicenseChoiceTypeValue = schema.LC_TYPE_EXPRESSION
- _, err = bom.HashLicenseInfo(policyConfig, licenseChoice.Expression, licenseInfo, whereFilters)
+ _, err = bom.HashmapLicenseInfo(policyConfig, licenseChoice.Expression, licenseInfo, whereFilters)
} else {
// Note: This code path only executes if hashing is performed
// without schema validation (which would find this as an error)
diff --git a/cmd/normalize_test.go b/cmd/normalize_test.go
new file mode 100644
index 00000000..6066431e
--- /dev/null
+++ b/cmd/normalize_test.go
@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cmd
+
+import (
+ "bufio"
+ "bytes"
+ "io"
+ "log"
+ "os"
+ "testing"
+
+ "github.com/CycloneDX/sbom-utility/utils"
+)
+
+const (
+ TEST_CDX_1_5_NORMALIZE_COMPONENTS = "test/normalize/cdx-1-5-components.bom.json"
+ TEST_CDX_1_5_NORMALIZE_SERVICES = "test/normalize/cdx-1-5-services.bom.json"
+ TEST_CDX_1_5_NORMALIZE_LICENSES = "test/normalize/cdx-1-5-licenses.bom.json"
+ TEST_CDX_1_5_NORMALIZE_DEPENDENCIES = "test/normalize/cdx-1-5-dependencies.bom.json"
+ TEST_CDX_1_5_NORMALIZE_EXTERNAL_REFERENCES = "test/normalize/cdx-1-5-external-references.bom.json"
+ TEST_CDX_1_5_NORMALIZE_VULNERABILITIES = "test/normalize/cdx-1-5-vulnerabilities.bom.json"
+ TEST_CDX_1_5_NORMALIZE_VULNERABILITIES_NATS_BOX = "test/normalize/cdx-1-5-vulnerabilities-container-nats-box.bom.json"
+ TEST_CDX_1_4_NORMALIZE_COMPONENTS_XXL = "test/normalize/cdx-1-4-components-xxl.bom.json"
+ TEST_CDX_1_2_NORMALIZE_COMPONENTS_PROTON = "test/normalize/cdx-1-2-components-protonmail.bom.json"
+)
+
+type NormalizeTestInfo struct {
+ CommonTestInfo
+ Keys []string
+ FromPaths []string
+ Normalize bool
+}
+
+func (ti *NormalizeTestInfo) String() string {
+ buffer, _ := utils.EncodeAnyToDefaultIndentedJSONStr(ti)
+ return buffer.String()
+}
+
+func NewNormalizeTestInfo(inputFile string, resultExpectedError error) *NormalizeTestInfo {
+ var ti = new(NormalizeTestInfo)
+ // Set to test normalization by default
+ ti.Normalize = true
+ var pCommon = &ti.CommonTestInfo
+ pCommon.InitBasic(inputFile, FORMAT_JSON, resultExpectedError)
+ return ti
+}
+
+func innerTestNormalize(t *testing.T, testInfo *NormalizeTestInfo) (outputBuffer bytes.Buffer, basicTestInfo string, err error) {
+ getLogger().Tracef("TestInfo: %s", testInfo)
+
+ // Mock stdin if requested
+ if testInfo.MockStdin == true {
+ utils.GlobalFlags.PersistentFlags.InputFile = INPUT_TYPE_STDIN
+ file, err := os.Open(testInfo.InputFile) // For read access.
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ // convert byte slice to io.Reader
+ savedStdIn := os.Stdin
+ // !!!Important restore stdin
+ defer func() { os.Stdin = savedStdIn }()
+ os.Stdin = file
+ }
+
+ // invoke resource list command with a byte buffer
+ outputBuffer, err = innerBufferedTestNormalize(testInfo)
+ // if the command resulted in a failure
+ if err != nil {
+ // if tests asks us to report a FAIL to the test framework
+ cti := &testInfo.CommonTestInfo
+ if cti.Autofail {
+ encodedTestInfo, _ := utils.EncodeAnyToDefaultIndentedJSONStr(testInfo)
+ t.Errorf("%s: failed: %v\n%s", cti.InputFile, err, encodedTestInfo.String())
+ }
+ return
+ }
+
+ return
+}
+
+func innerBufferedTestNormalize(testInfo *NormalizeTestInfo) (outputBuffer bytes.Buffer, err error) {
+
+ // The command looks for the input & output filename in global flags struct
+ utils.GlobalFlags.PersistentFlags.InputFile = testInfo.InputFile
+ utils.GlobalFlags.PersistentFlags.OutputFile = testInfo.OutputFile
+ utils.GlobalFlags.PersistentFlags.OutputFormat = testInfo.OutputFormat
+ utils.GlobalFlags.PersistentFlags.OutputIndent = testInfo.OutputIndent
+ utils.GlobalFlags.PersistentFlags.OutputNormalize = testInfo.Normalize // NOTE: default=true
+ utils.GlobalFlags.TrimFlags.Keys = testInfo.Keys
+ utils.GlobalFlags.TrimFlags.FromPaths = testInfo.FromPaths
+ var outputWriter io.Writer
+ var outputFile *os.File
+
+ // TODO: centralize this logic to a function all Commands can use...
+ // Note: Any "Mocking" of os.Stdin/os.Stdout should be done in functions that call this one
+ if testInfo.OutputFile == "" {
+ // Declare an output outputBuffer/outputWriter to use used during tests
+ bufferedWriter := bufio.NewWriter(&outputBuffer)
+ outputWriter = bufferedWriter
+ // MUST ensure all data is written to buffer before further testing
+ defer bufferedWriter.Flush()
+ } else {
+ outputFile, outputWriter, err = createOutputFile(testInfo.OutputFile)
+ getLogger().Tracef("outputFile: `%v`; writer: `%v`", testInfo.OutputFile, outputWriter)
+
+ // use function closure to assure consistent error output based upon error type
+ defer func() {
+ // always close the output file (even if error, as long as file handle returned)
+ if outputFile != nil {
+ outputFile.Close()
+ getLogger().Infof("Closed output file: `%s`", testInfo.OutputFile)
+ }
+ }()
+
+ if err != nil {
+ return
+ }
+ }
+
+ // NOTE: We use the Trim() command to test the Normalize() functionality for now
+ // TODO: Ideally, we want a top-level command "Normalize()" with other flag options
+ // BUT, also want to allow normalization any time ANY command writes BOM as output
+ // so the Trim() command is a great first impl. towards those goals.
+ err = Trim(outputWriter, utils.GlobalFlags.PersistentFlags, utils.GlobalFlags.TrimFlags)
+ return
+}
+
+func TestNormalizeCdx15Components(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_COMPONENTS, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_COMPONENTS)
+ // ti.FromPaths = []string{"components"}
+ innerTestNormalize(t, ti)
+ document, err := LoadBOMOutputFile(ti.CommonTestInfo)
+ if err != nil {
+ t.Error(err)
+ }
+
+ // Before looking for license data, fully unmarshal the SBOM into named structures
+ if err = document.UnmarshalCycloneDXBOM(); err != nil {
+ return
+ }
+}
+
+func TestNormalizeCdx15Services(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_SERVICES, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_SERVICES)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx15Dependencies(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_DEPENDENCIES, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_DEPENDENCIES)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx15ExternalReferences(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_EXTERNAL_REFERENCES, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_EXTERNAL_REFERENCES)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx15Vulnerabilities(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_VULNERABILITIES, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_VULNERABILITIES)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx15Licenses(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_LICENSES, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_LICENSES)
+ innerTestNormalize(t, ti)
+}
+
+// XXL Sort tests
+func TestNormalizeCdx12ComponentsProtonMail(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_2_NORMALIZE_COMPONENTS_PROTON, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_2_NORMALIZE_COMPONENTS_PROTON)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx14ComponentsXXL(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_4_NORMALIZE_COMPONENTS_XXL, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_4_NORMALIZE_COMPONENTS_XXL)
+ innerTestNormalize(t, ti)
+}
+
+func TestNormalizeCdx15VulnerabilitiesNatsBox(t *testing.T) {
+ ti := NewNormalizeTestInfo(TEST_CDX_1_5_NORMALIZE_VULNERABILITIES_NATS_BOX, nil)
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_CDX_1_5_NORMALIZE_VULNERABILITIES_NATS_BOX)
+ innerTestNormalize(t, ti)
+}
+
+// EXPERIMENTAL:
+// TODO: see if we can create a function to loop through all nested structures and
+// report one which ones do NOT have support for the Normalizer interface.
+// This could be used to verify always have code to normalize any structure as
+// new ones are added release-to-release
+// func TestNormalizeReflect(t *testing.T) {
+// document, err := LoadBOMFile(TEST_CDX_1_5_NORMALIZE_COMPONENTS)
+// if err != nil {
+// return
+// }
+
+// if err = document.UnmarshalCycloneDXBOM(); err != nil {
+// return
+// }
+
+// // Test reflect.New using an existing instance
+// //ptrBom := reflect.New(reflect.TypeOf(*document))
+// //fmt.Printf("New *schema.BOM: %+v\n", ptrBom)
+
+// // Test reflect.New using an existing (empty) instance
+// //bom2Type := reflect.TypeOf(schema.BOM{})
+// //ptrBom2 := reflect.New(bom2Type)
+// //fmt.Printf("New *schema.BOM: %+v\n", ptrBom2)
+
+// // Assure we can
+// ptrCdxBom := document.GetCdxBom()
+// //fmt.Printf("*schema.CDXBom: %+v\n", ptrCdxBom)
+
+// ListFields(ptrCdxBom)
+// }
+
+// func ListFields(itfc interface{}) {
+// // NOTE: we can immediately use ValueOf() to dereference the interface{}
+// // NOTE: Elem() will panic if reflect.ValueOf(itfc).Kind() != reflect.Ptr || reflect.Interface
+// rvoItfc := reflect.ValueOf(itfc)
+
+// // Deref. if needed to get the ACTUAL type we want to list fields for
+// if rvoItfc.Kind() == reflect.Pointer || rvoItfc.Kind() == reflect.Interface {
+// rvoItfc = reflect.ValueOf(itfc).Elem()
+// }
+
+// // Immediately grab the Type of the dereferenced interface{}
+// rvoType := rvoItfc.Type()
+// fmt.Printf("Interface: Type: `%v`, Kind: `%v`\n", rvoType.String(), rvoType.Kind())
+
+// if rvoType.Kind() == reflect.Struct {
+// // Iterate over all fields of the Struct type (if any)
+// for i := 0; i < rvoType.NumField(); i++ {
+// field := rvoType.Field(i)
+
+// // Indirect returns the fieldValue that v points to.
+// // - If is a nil pointer, Indirect returns a zero Value.
+// // - If is not a pointer, Indirect returns (no dereference using Elem() method).
+// fieldName := field.Name
+// fieldValue := reflect.Indirect(rvoItfc).FieldByName(fieldName)
+// fvKind := fieldValue.Kind()
+// fvValueOf := reflect.ValueOf(fieldValue)
+// // TODO: explore `field.PkgPath`
+// fmt.Printf(">> Field(%v): `%s`, Kind: `%s`, Tags: `%s`, Value: `%v`\n", i, fieldName, fvKind.String(), field.Tag, fvValueOf)
+
+// // TODO: explore use of isItfc := field.CanInterface()
+// if fvKind == reflect.Ptr || fvKind == reflect.Interface {
+// if !fieldValue.IsNil() {
+// // NOTE: temp.Elem() could be reflect.Struct, reflect.Map, reflect.Slice, etc.
+// ListFields(fieldValue.Interface())
+// }
+// }
+// }
+// } else {
+// fmt.Printf("!!! Unhandled Kind(): `%v`", rvoType.Kind())
+// }
+// }
diff --git a/cmd/patch.go b/cmd/patch.go
index 98284b4f..cbe25d5c 100644
--- a/cmd/patch.go
+++ b/cmd/patch.go
@@ -188,11 +188,14 @@ func Patch(writer io.Writer, persistentFlags utils.PersistentCommandFlags, patch
return
}
- // After patch records are applied; update the CdxBOM
+ // After patch records are applied to the JSON map;
+ // update the corresponding "CdxBom" using the "unmarshal" wrapper.
// NOTE: If any JSON keys that are NOT part of the CycloneDX spec.
// have been added via a patch "add" operation, they will be removed
// during the unmarshal process.
- err = document.UnmarshalCycloneDXBOM()
+ if document.CdxBom, err = schema.UnMarshalDocument(document.JsonMap); err != nil {
+ return
+ }
// Output the "patched" version of the Input BOM
format := persistentFlags.OutputFormat
diff --git a/cmd/report.go b/cmd/report.go
index 40172fb0..a3718fd1 100644
--- a/cmd/report.go
+++ b/cmd/report.go
@@ -202,7 +202,6 @@ func prepareReportTitleData(formatData []ColumnFormatData, summarizedReport bool
}
func prepareReportLineData(structIn interface{}, formatData []ColumnFormatData, summarizedReport bool) (lineData []string, err error) {
-
var mapStruct map[string]interface{}
var data interface{}
var dataFound bool
@@ -212,7 +211,6 @@ func prepareReportLineData(structIn interface{}, formatData []ColumnFormatData,
mapStruct, err = utils.MarshalStructToJsonMap(structIn)
for _, columnData := range formatData {
-
// reset local vars
sliceString = nil
@@ -274,7 +272,6 @@ func prepareReportLineData(structIn interface{}, formatData []ColumnFormatData,
default:
err = getLogger().Errorf("Unexpected type for report data: type: `%T`, value: `%v`", data, data)
}
-
}
return
diff --git a/cmd/resource.go b/cmd/resource.go
index 2b845704..a913dad1 100644
--- a/cmd/resource.go
+++ b/cmd/resource.go
@@ -29,6 +29,7 @@ import (
"github.com/CycloneDX/sbom-utility/common"
"github.com/CycloneDX/sbom-utility/schema"
"github.com/CycloneDX/sbom-utility/utils"
+ "github.com/jwangsadinata/go-multimap"
"github.com/spf13/cobra"
)
@@ -61,6 +62,13 @@ var RESOURCE_LIST_TITLES = []string{
RESOURCE_FILTER_KEY_BOMREF,
}
+var RESOURCE_LIST_ROW_DATA = []ColumnFormatData{
+ {RESOURCE_FILTER_KEY_TYPE, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
+ {RESOURCE_FILTER_KEY_NAME, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
+ {RESOURCE_FILTER_KEY_VERSION, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, false},
+ {RESOURCE_FILTER_KEY_BOMREF, DEFAULT_COLUMN_TRUNCATE_LENGTH, REPORT_SUMMARY_DATA_TRUE, REPORT_REPLACE_LINE_FEEDS_TRUE},
+}
+
// Flags. Reuse query flag values where possible
const (
FLAG_RESOURCE_TYPE = "type"
@@ -240,14 +248,14 @@ func loadDocumentResources(document *schema.BOM, resourceType string, whereFilte
// Add top-level SBOM component
if resourceType == schema.RESOURCE_TYPE_DEFAULT || resourceType == schema.RESOURCE_TYPE_COMPONENT {
- err = document.HashComponentResources(whereFilters)
+ err = document.HashmapComponentResources(whereFilters)
if err != nil {
return
}
}
if resourceType == schema.RESOURCE_TYPE_DEFAULT || resourceType == schema.RESOURCE_TYPE_SERVICE {
- err = document.HashServiceResources(whereFilters)
+ err = document.HashmapServiceResources(whereFilters)
if err != nil {
return
}
@@ -256,9 +264,21 @@ func loadDocumentResources(document *schema.BOM, resourceType string, whereFilte
return
}
+func sortResources(entries []multimap.Entry) {
+ // Sort by Type then Name
+ sort.Slice(entries, func(i, j int) bool {
+ resource1 := (entries[i].Value).(schema.CDXResourceInfo)
+ resource2 := (entries[j].Value).(schema.CDXResourceInfo)
+ if resource1.Type != resource2.Type {
+ return resource1.Type < resource2.Type
+ }
+ return resource1.Name < resource2.Name
+ })
+}
+
// NOTE: This list is NOT de-duplicated
// TODO: Add a --no-title flag to skip title output
-func DisplayResourceListText(bom *schema.BOM, writer io.Writer) {
+func DisplayResourceListText(bom *schema.BOM, writer io.Writer) (err error) {
getLogger().Enter()
defer getLogger().Exit()
@@ -269,11 +289,11 @@ func DisplayResourceListText(bom *schema.BOM, writer io.Writer) {
// min-width, tab-width, padding, pad-char, flags
w.Init(writer, 8, 2, 2, ' ', 0)
- // create underline row from compulsory titles
- underlines := createTitleTextSeparators(RESOURCE_LIST_TITLES)
+ // create title row and underline row from slices of optional and compulsory titles
+ titles, underlines := prepareReportTitleData(RESOURCE_LIST_ROW_DATA, true)
// Add tabs between column titles for the tabWRiter
- fmt.Fprintf(w, "%s\n", strings.Join(RESOURCE_LIST_TITLES, "\t"))
+ fmt.Fprintf(w, "%s\n", strings.Join(titles, "\t"))
fmt.Fprintf(w, "%s\n", strings.Join(underlines, "\t"))
// Display a warning "missing" in the actual output and return (short-circuit)
@@ -285,30 +305,24 @@ func DisplayResourceListText(bom *schema.BOM, writer io.Writer) {
return
}
- // Sort by Type then Name
- sort.Slice(entries, func(i, j int) bool {
- resource1 := (entries[i].Value).(schema.CDXResourceInfo)
- resource2 := (entries[j].Value).(schema.CDXResourceInfo)
- if resource1.Type != resource2.Type {
- return resource1.Type < resource2.Type
- }
-
- return resource1.Name < resource2.Name
- })
-
- var resourceInfo schema.CDXResourceInfo
+ // Sort resources prior to outputting
+ sortResources(entries)
+ // Emit row data
+ var line []string
for _, entry := range entries {
- value := entry.Value
- resourceInfo = value.(schema.CDXResourceInfo)
-
- // Format line and write to output
- fmt.Fprintf(w, "%s\t%s\t%s\t%s\n",
- resourceInfo.Type,
- resourceInfo.Name,
- resourceInfo.Version,
- resourceInfo.BOMRef)
+ line, err = prepareReportLineData(
+ entry.Value.(schema.CDXResourceInfo),
+ RESOURCE_LIST_ROW_DATA,
+ true,
+ )
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
+ fmt.Fprintf(w, "%s\n", strings.Join(line, "\t"))
}
+ return
}
// TODO: Add a --no-title flag to skip title output
@@ -320,8 +334,11 @@ func DisplayResourceListCSV(bom *schema.BOM, writer io.Writer) (err error) {
w := csv.NewWriter(writer)
defer w.Flush()
- if err = w.Write(RESOURCE_LIST_TITLES); err != nil {
- return getLogger().Errorf("error writing to output (%v): %s", RESOURCE_LIST_TITLES, err)
+ // Create title row data as []string
+ titles, _ := prepareReportTitleData(RESOURCE_LIST_ROW_DATA, true)
+
+ if err = w.Write(titles); err != nil {
+ return getLogger().Errorf("error writing to output (%v): %s", titles, err)
}
// Display a warning "missing" in the actual output and return (short-circuit)
@@ -337,36 +354,24 @@ func DisplayResourceListCSV(bom *schema.BOM, writer io.Writer) (err error) {
return fmt.Errorf(currentRow[0])
}
- // Sort by Type
- sort.Slice(entries, func(i, j int) bool {
- resource1 := (entries[i].Value).(schema.CDXResourceInfo)
- resource2 := (entries[j].Value).(schema.CDXResourceInfo)
- if resource1.Type != resource2.Type {
- return resource1.Type < resource2.Type
- }
-
- return resource1.Name < resource2.Name
- })
+ // Sort resources prior to outputting
+ sortResources(entries)
- var resourceInfo schema.CDXResourceInfo
var line []string
-
for _, entry := range entries {
- value := entry.Value
- resourceInfo = value.(schema.CDXResourceInfo)
- line = nil
- line = append(line,
- resourceInfo.Type,
- resourceInfo.Name,
- resourceInfo.Version,
- resourceInfo.BOMRef,
+ line, err = prepareReportLineData(
+ entry.Value.(schema.CDXResourceInfo),
+ RESOURCE_LIST_ROW_DATA,
+ true,
)
-
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
if err = w.Write(line); err != nil {
err = getLogger().Errorf("csv.Write: %w", err)
}
}
-
return
}
@@ -375,10 +380,14 @@ func DisplayResourceListMarkdown(bom *schema.BOM, writer io.Writer) (err error)
getLogger().Enter()
defer getLogger().Exit()
+ // Create title row data as []string
+ titles, _ := prepareReportTitleData(RESOURCE_LIST_ROW_DATA, true)
+
// create title row
- titleRow := createMarkdownRow(RESOURCE_LIST_TITLES)
+ titleRow := createMarkdownRow(titles)
fmt.Fprintf(writer, "%s\n", titleRow)
+ // create alignment row
alignments := createMarkdownColumnAlignment(RESOURCE_LIST_TITLES)
alignmentRow := createMarkdownRow(alignments)
fmt.Fprintf(writer, "%s\n", alignmentRow)
@@ -392,37 +401,24 @@ func DisplayResourceListMarkdown(bom *schema.BOM, writer io.Writer) (err error)
return fmt.Errorf(MSG_OUTPUT_NO_RESOURCES_FOUND)
}
- // Sort by Type
- sort.Slice(entries, func(i, j int) bool {
- resource1 := (entries[i].Value).(schema.CDXResourceInfo)
- resource2 := (entries[j].Value).(schema.CDXResourceInfo)
- if resource1.Type != resource2.Type {
- return resource1.Type < resource2.Type
- }
+ // Sort resources prior to outputting
+ sortResources(entries)
- return resource1.Name < resource2.Name
- })
-
- var resourceInfo schema.CDXResourceInfo
+ //var resourceInfo schema.CDXResourceInfo
var line []string
var lineRow string
-
for _, entry := range entries {
- value := entry.Value
- resourceInfo = value.(schema.CDXResourceInfo)
- // reset current line
- line = nil
-
- line = append(line,
- resourceInfo.Type,
- resourceInfo.Name,
- resourceInfo.Version,
- resourceInfo.BOMRef,
+ line, err = prepareReportLineData(
+ entry.Value.(schema.CDXResourceInfo),
+ RESOURCE_LIST_ROW_DATA,
+ true,
)
-
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
lineRow = createMarkdownRow(line)
fmt.Fprintf(writer, "%s\n", lineRow)
}
-
return
}
diff --git a/cmd/resource_test.go b/cmd/resource_test.go
index 3412e8af..f8f8efc2 100644
--- a/cmd/resource_test.go
+++ b/cmd/resource_test.go
@@ -194,18 +194,15 @@ func TestResourceListTextCdx13(t *testing.T) {
nil, // no error
schema.RESOURCE_TYPE_DEFAULT,
)
-
innerTestResourceList(t, rti)
}
func TestResourceListTextCdx14SaaS(t *testing.T) {
-
rti := NewResourceTestInfoBasic(
TEST_RESOURCE_LIST_CDX_1_4_SAAS_1,
FORMAT_TEXT,
nil, // no error
schema.RESOURCE_TYPE_COMPONENT)
-
innerTestResourceList(t, rti)
}
diff --git a/cmd/root.go b/cmd/root.go
index 7d9321e6..ad124cae 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -84,21 +84,23 @@ const (
FLAG_LOG_OUTPUT_INDENT = "log-indent"
FLAG_FILE_OUTPUT_FORMAT = "format"
FLAG_COLORIZE_OUTPUT = "colorize"
+ FLAG_OUTPUT_NORMALIZE = "normalize"
)
const (
- MSG_APP_NAME = "Bill-of-Materials (BOM) utility."
- MSG_APP_DESCRIPTION = "This utility serves as centralized command-line interface for various Bill-of-Materials (BOM) helper utilities."
- MSG_FLAG_TRACE = "enable trace logging"
- MSG_FLAG_DEBUG = "enable debug logging"
- MSG_FLAG_INPUT = "input filename (e.g., \"path/sbom.json\")"
- MSG_FLAG_OUTPUT = "output filename"
- MSG_FLAG_OUTPUT_FORMAT = "format output using the specified type"
- MSG_FLAG_LOG_QUIET = "enable quiet logging mode (removes all informational messages from console output); overrides other logging commands"
- MSG_FLAG_LOG_INDENT = "enable log indentation of functional callstack"
- MSG_FLAG_CONFIG_SCHEMA = "provide custom application schema configuration file (i.e., overrides default `config.json`)"
- MSG_FLAG_CONFIG_LICENSE = "provide custom application license policy configuration file (i.e., overrides default `license.json`)"
- MSG_FLAG_OUTPUT_INDENT = "number of space characters used to indent JSON formatted output"
+ MSG_APP_NAME = "Bill-of-Materials (BOM) utility."
+ MSG_APP_DESCRIPTION = "This utility serves as centralized command-line interface for various Bill-of-Materials (BOM) helper utilities."
+ MSG_FLAG_TRACE = "enable trace logging"
+ MSG_FLAG_DEBUG = "enable debug logging"
+ MSG_FLAG_INPUT = "input filename (e.g., \"path/sbom.json\")"
+ MSG_FLAG_OUTPUT = "output filename"
+ MSG_FLAG_OUTPUT_FORMAT = "format output using the specified type"
+ MSG_FLAG_LOG_QUIET = "enable quiet logging mode (removes all informational messages from console output); overrides other logging commands"
+ MSG_FLAG_LOG_INDENT = "enable log indentation of functional callstack"
+ MSG_FLAG_CONFIG_SCHEMA = "provide custom application schema configuration file (i.e., overrides default `config.json`)"
+ MSG_FLAG_CONFIG_LICENSE = "provide custom application license policy configuration file (i.e., overrides default `license.json`)"
+ MSG_FLAG_OUTPUT_INDENT = "number of space characters used to indent JSON formatted output"
+ MSG_FLAG_OUTPUT_NORMALIZE = "Normalize BOM document"
)
const (
diff --git a/cmd/root_test.go b/cmd/root_test.go
index c3ed580e..e1eafa37 100644
--- a/cmd/root_test.go
+++ b/cmd/root_test.go
@@ -29,6 +29,7 @@ import (
"testing"
"github.com/CycloneDX/sbom-utility/common"
+ "github.com/CycloneDX/sbom-utility/schema"
"github.com/CycloneDX/sbom-utility/utils"
)
@@ -351,3 +352,8 @@ func verifyFileLineCountAndIndentation(t *testing.T, buffer bytes.Buffer, cti *C
getLogger().Tracef("success: output contained expected indent length: %v, at line: %v", cti.ResultExpectedIndentLength, cti.ResultLineContainsValuesAtLineNum)
return
}
+
+func LoadBOMOutputFile(originalTest CommonTestInfo) (bom *schema.BOM, err error) {
+ filename := originalTest.OutputFile
+ return LoadBOMFile(filename)
+}
diff --git a/cmd/stats.go b/cmd/stats.go
index a505bdbd..b92c0edb 100644
--- a/cmd/stats.go
+++ b/cmd/stats.go
@@ -181,17 +181,17 @@ func loadDocumentStatisticalEntities(document *schema.BOM, statsFlags utils.Stat
return
}
- err = document.HashComponentResources(nil)
+ err = document.HashmapComponentResources(nil)
if err != nil {
return
}
- err = document.HashServiceResources(nil)
+ err = document.HashmapServiceResources(nil)
if err != nil {
return
}
- err = document.HashVulnerabilityResources(nil)
+ err = document.HashmapVulnerabilityResources(nil)
if err != nil {
return
}
diff --git a/cmd/stats_test.go b/cmd/stats_test.go
index 24b58f74..05dc6d87 100644
--- a/cmd/stats_test.go
+++ b/cmd/stats_test.go
@@ -54,7 +54,7 @@ func NewStatsTestInfoBasic(inputFile string, listFormat string, resultExpectedEr
// -------------------------------------------
// resource list test helper functions
// -------------------------------------------
-func innerBufferedTestStatsList(t *testing.T, testInfo *StatsTestInfo) (outputBuffer bytes.Buffer, err error) {
+func innerBufferedTestStatsList(testInfo *StatsTestInfo) (outputBuffer bytes.Buffer, err error) {
// Declare an output outputBuffer/outputWriter to use used during tests
var outputWriter = bufio.NewWriter(&outputBuffer)
// ensure all data is written to buffer before further validation
@@ -90,7 +90,7 @@ func innerTestStatsList(t *testing.T, testInfo *StatsTestInfo) (outputBuffer byt
}
// invoke resource list command with a byte buffer
- outputBuffer, err = innerBufferedTestStatsList(t, testInfo)
+ outputBuffer, err = innerBufferedTestStatsList(testInfo)
return
}
diff --git a/cmd/trim.go b/cmd/trim.go
index 3dfeae9e..df6d7e2c 100644
--- a/cmd/trim.go
+++ b/cmd/trim.go
@@ -32,6 +32,7 @@ import (
const (
FLAG_TRIM_FROM_PATHS = "from"
FLAG_TRIM_MAP_KEYS = "keys"
+ FLAG_TRIM_NORMALIZE = "normalize"
)
// flag help (translate)
@@ -73,6 +74,7 @@ func initCommandTrimFlags(command *cobra.Command) (err error) {
command.PersistentFlags().StringVar(&utils.GlobalFlags.PersistentFlags.OutputFormat, FLAG_OUTPUT_FORMAT, FORMAT_JSON,
MSG_FLAG_OUTPUT_FORMAT+TRIM_OUTPUT_SUPPORTED_FORMATS)
+ command.PersistentFlags().BoolVar(&utils.GlobalFlags.PersistentFlags.OutputNormalize, FLAG_OUTPUT_NORMALIZE, false, MSG_FLAG_OUTPUT_NORMALIZE)
command.Flags().StringVarP(&utils.GlobalFlags.TrimFlags.RawPaths, FLAG_TRIM_FROM_PATHS, "", "", MSG_FLAG_TRIM_FROM_PATHS)
command.Flags().StringVarP(&utils.GlobalFlags.TrimFlags.RawKeys, FLAG_TRIM_MAP_KEYS, "", "", MSG_FLAG_TRIM_KEYS)
err = command.MarkFlagRequired(FLAG_TRIM_MAP_KEYS)
@@ -159,7 +161,7 @@ func Trim(writer io.Writer, persistentFlags utils.PersistentCommandFlags, trimFl
}
// validate parameters
- if len(trimFlags.Keys) == 0 {
+ if len(trimFlags.Keys) == 0 && !persistentFlags.OutputNormalize {
// TODO create named error type in schema package
err = getLogger().Errorf("invalid parameter value: missing `keys` value from command")
return
@@ -199,6 +201,17 @@ func Trim(writer io.Writer, persistentFlags utils.PersistentCommandFlags, trimFl
return
}
+ // Sort slices of BOM if "sort" flag set to true
+ if persistentFlags.OutputNormalize {
+ // Sort the slices of structures
+ if document.GetCdxBom() != nil {
+ bom := document.GetCdxBom()
+ if schema.NormalizeSupported(bom) {
+ document.GetCdxBom().Normalize()
+ }
+ }
+ }
+
// Output the "trimmed" version of the Input BOM
format := persistentFlags.OutputFormat
getLogger().Infof("Writing trimmed BOM (`%s` format)...", format)
diff --git a/cmd/trim_test.go b/cmd/trim_test.go
index d61abea0..98b2430e 100644
--- a/cmd/trim_test.go
+++ b/cmd/trim_test.go
@@ -39,6 +39,7 @@ const (
TEST_TRIM_CDX_1_5_SAMPLE_SMALL_COMPS_ONLY = "test/trim/trim-cdx-1-5-sample-small-components-only.sbom.json"
TEST_TRIM_CDX_1_4_SAMPLE_VEX = "test/trim/trim-cdx-1-4-sample-vex.json"
TEST_TRIM_CDX_1_5_SAMPLE_MEDIUM_1 = "test/trim/trim-cdx-1-5-sample-medium-1.sbom.json"
+ TEST_TRIM_CDX_1_5_COMPONENTS_NORMALIZE = "test/trim/trim-cdx-1-5-sample-components-normalize.sbom.json"
)
type TrimTestInfo struct {
@@ -400,3 +401,23 @@ func TestTrimCdx14SourceFromVulnerabilities(t *testing.T) {
t.Error(err)
}
}
+
+// ----------------------------------------
+// Trim "properties" and --normalize
+// ----------------------------------------
+
+func TestTrimCdx15ComponentsPropertiesAndNormalize(t *testing.T) {
+ ti := NewTrimTestInfo(TEST_TRIM_CDX_1_5_COMPONENTS_NORMALIZE, nil)
+ ti.Keys = append(ti.Keys, "properties")
+ ti.FromPaths = []string{""}
+ ti.OutputFile = ti.CreateTemporaryTestOutputFilename(TEST_TRIM_CDX_1_5_COMPONENTS_NORMALIZE)
+ _, _, err := innerTestTrim(t, ti)
+ if err != nil {
+ t.Error(err)
+ }
+ // Assure JSON map does not contain the trimmed key(s)
+ err = VerifyTrimOutputFileResult(t, *ti)
+ if err != nil {
+ t.Error(err)
+ }
+}
diff --git a/cmd/validate.go b/cmd/validate.go
index 199b400a..17bb7c7c 100644
--- a/cmd/validate.go
+++ b/cmd/validate.go
@@ -181,7 +181,7 @@ func validationError(document *schema.BOM, valid bool, err error) {
getLogger().Info(message)
}
-func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, validateFlags utils.ValidateCommandFlags) (valid bool, document *schema.BOM, schemaErrors []gojsonschema.ResultError, err error) {
+func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, validateFlags utils.ValidateCommandFlags) (valid bool, bom *schema.BOM, schemaErrors []gojsonschema.ResultError, err error) {
getLogger().Enter()
defer getLogger().Exit()
@@ -189,26 +189,26 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
defer func() {
if err != nil {
// normalize the error output to console
- validationError(document, valid, err)
+ validationError(bom, valid, err)
}
}()
// Attempt to load and unmarshal the input file as a Json document
// Note: JSON syntax errors return "encoding/json.SyntaxError"
- document, err = LoadInputBOMFileAndDetectSchema()
+ bom, err = LoadInputBOMFileAndDetectSchema()
if err != nil {
- return INVALID, document, schemaErrors, err
+ return INVALID, bom, schemaErrors, err
}
// if "custom" flag exists, then assure we support the format
- if validateFlags.CustomValidation && !document.FormatInfo.IsCycloneDx() {
+ if validateFlags.CustomValidation && !bom.FormatInfo.IsCycloneDx() {
err = schema.NewUnsupportedFormatError(
schema.MSG_FORMAT_UNSUPPORTED_COMMAND,
- document.GetFilename(),
- document.FormatInfo.CanonicalName,
+ bom.GetFilename(),
+ bom.FormatInfo.CanonicalName,
CMD_VALIDATE,
FLAG_VALIDATE_CUSTOM)
- return valid, document, schemaErrors, err
+ return valid, bom, schemaErrors, err
}
// Create a loader for the BOM (JSON) document
@@ -217,7 +217,7 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
var errRead error
var bSchema, bDocument []byte
- if bDocument = document.GetRawBytes(); len(bDocument) > 0 {
+ if bDocument = bom.GetRawBytes(); len(bDocument) > 0 {
bufferTemp := new(bytes.Buffer)
// Strip off newlines which the json Decoder dislikes at EOF (as well as extra spaces, etc.)
if err := json.Compact(bufferTemp, bDocument); err != nil {
@@ -230,10 +230,10 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
}
if documentLoader == nil {
- return INVALID, document, schemaErrors, fmt.Errorf("unable to load document: `%s`", document.GetFilename())
+ return INVALID, bom, schemaErrors, fmt.Errorf("unable to load document: `%s`", bom.GetFilename())
}
- schemaName := document.SchemaInfo.File
+ schemaName := bom.SchemaInfo.File
// If caller "forced" a specific schema file (version), load it instead of
// any SchemaInfo found in config.json
@@ -248,13 +248,13 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
} else {
// Load the matching JSON schema (format, version and variant) from embedded resources
// i.e., using the matching schema found in config.json (as SchemaInfo)
- getLogger().Infof("Loading schema `%s`...", document.SchemaInfo.File)
- bSchema, errRead = resources.BOMSchemaFiles.ReadFile(document.SchemaInfo.File)
+ getLogger().Infof("Loading schema `%s`...", bom.SchemaInfo.File)
+ bSchema, errRead = resources.BOMSchemaFiles.ReadFile(bom.SchemaInfo.File)
if errRead != nil {
// we force result to INVALID as any errors from the library means
// we could NOT actually confirm the input documents validity
- return INVALID, document, schemaErrors, errRead
+ return INVALID, bom, schemaErrors, errRead
}
schemaLoader = gojsonschema.NewBytesLoader(bSchema)
@@ -263,7 +263,7 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
if schemaLoader == nil {
// we force result to INVALID as any errors from the library means
// we could NOT actually confirm the input documents validity
- return INVALID, document, schemaErrors, fmt.Errorf("unable to read schema: `%s`", schemaName)
+ return INVALID, bom, schemaErrors, fmt.Errorf("unable to read schema: `%s`", schemaName)
}
// create a reusable schema object (TODO: validate multiple documents)
@@ -286,13 +286,13 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
}
if errLoad != nil {
- return INVALID, document, schemaErrors, fmt.Errorf("unable to load schema: `%s`", schemaName)
+ return INVALID, bom, schemaErrors, fmt.Errorf("unable to load schema: `%s`", schemaName)
}
getLogger().Infof("Schema `%s` loaded.", schemaName)
// Validate against the schema and save result determination
- getLogger().Infof("Validating `%s`...", document.GetFilenameInterpolated())
+ getLogger().Infof("Validating `%s`...", bom.GetFilenameInterpolated())
result, errValidate := jsonBOMSchema.Validate(documentLoader)
// ALWAYS set the valid return parameter and provide user an informative message
@@ -303,14 +303,14 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
if errValidate != nil {
// we force result to INVALID as any errors from the library means
// we could NOT actually confirm the input documents validity
- return INVALID, document, schemaErrors, errValidate
+ return INVALID, bom, schemaErrors, errValidate
}
// Note: actual schema validation errors appear in the `result` object
// Save all schema errors found in the `result` object in an explicit, typed error
if schemaErrors = result.Errors(); len(schemaErrors) > 0 {
errInvalid := NewInvalidSBOMError(
- document,
+ bom,
MSG_SCHEMA_ERRORS,
nil,
schemaErrors)
@@ -333,14 +333,14 @@ func Validate(writer io.Writer, persistentFlags utils.PersistentCommandFlags, va
FormatSchemaErrors(writer, schemaErrors, validateFlags, FORMAT_TEXT)
}
- return INVALID, document, schemaErrors, errInvalid
+ return INVALID, bom, schemaErrors, errInvalid
}
// TODO: Perhaps factor in these errors into the JSON output as if they were actual schema errors...
// Perform additional validation in document composition/structure
// and "custom" required data within specified fields
if validateFlags.CustomValidation {
- valid, err = validateCustom(document, LicensePolicyConfig)
+ valid, err = validateCustom(bom, LicensePolicyConfig)
}
// All validation tests passed; return VALID
diff --git a/cmd/vulnerability.go b/cmd/vulnerability.go
index 40ac11e9..f1b74781 100644
--- a/cmd/vulnerability.go
+++ b/cmd/vulnerability.go
@@ -258,7 +258,7 @@ func loadDocumentVulnerabilities(document *schema.BOM, whereFilters []common.Whe
// Hash all components found in the (root).components[] (+ "nested" components)
pVulnerabilities := document.GetCdxVulnerabilities()
if pVulnerabilities != nil && len(*pVulnerabilities) > 0 {
- if err = document.HashVulnerabilities(*pVulnerabilities, whereFilters); err != nil {
+ if err = document.HashmapVulnerabilities(*pVulnerabilities, whereFilters); err != nil {
return
}
}
@@ -268,7 +268,7 @@ func loadDocumentVulnerabilities(document *schema.BOM, whereFilters []common.Whe
// NOTE: This list is NOT de-duplicated
// TODO: Add a --no-title flag to skip title output
-func DisplayVulnListText(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) {
+func DisplayVulnListText(bom *schema.BOM, writer io.Writer, flags utils.VulnerabilityCommandFlags) (err error) {
getLogger().Enter()
defer getLogger().Exit()
@@ -302,13 +302,18 @@ func DisplayVulnListText(bom *schema.BOM, writer io.Writer, flags utils.Vulnerab
var line []string
for _, entry := range entries {
// TODO surface error data to top-level command
- line, _ = prepareReportLineData(
+ line, err = prepareReportLineData(
entry.Value.(schema.VulnerabilityInfo),
VULNERABILITY_LIST_ROW_DATA,
flags.Summary,
)
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
fmt.Fprintf(w, "%s\n", strings.Join(line, "\t"))
}
+ return
}
// TODO: Add a --no-title flag to skip title output
@@ -346,18 +351,19 @@ func DisplayVulnListCSV(bom *schema.BOM, writer io.Writer, flags utils.Vulnerabi
// Emit row data
var line []string
for _, entry := range entries {
- // TODO surface error data to top-level command
- line, _ = prepareReportLineData(
+ line, err = prepareReportLineData(
entry.Value.(schema.VulnerabilityInfo),
VULNERABILITY_LIST_ROW_DATA,
flags.Summary,
)
-
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
if err = w.Write(line); err != nil {
err = getLogger().Errorf("csv.Write: %w", err)
}
}
-
return
}
@@ -373,6 +379,7 @@ func DisplayVulnListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.Vuln
titleRow := createMarkdownRow(titles)
fmt.Fprintf(writer, "%s\n", titleRow)
+ // create alignment row
alignments := createMarkdownColumnAlignment(titles)
alignmentRow := createMarkdownRow(alignments)
fmt.Fprintf(writer, "%s\n", alignmentRow)
@@ -393,17 +400,18 @@ func DisplayVulnListMarkdown(bom *schema.BOM, writer io.Writer, flags utils.Vuln
var line []string
var lineRow string
for _, entry := range entries {
- // TODO surface error data to top-level command
- line, _ = prepareReportLineData(
+ line, err = prepareReportLineData(
entry.Value.(schema.VulnerabilityInfo),
VULNERABILITY_LIST_ROW_DATA,
flags.Summary,
)
+ // Only emit line if no error
+ if err != nil {
+ return
+ }
lineRow = createMarkdownRow(line)
fmt.Fprintf(writer, "%s\n", lineRow)
-
}
-
return
}
diff --git a/cmd/vulnerability_test.go b/cmd/vulnerability_test.go
index d245d5de..f3cfba72 100644
--- a/cmd/vulnerability_test.go
+++ b/cmd/vulnerability_test.go
@@ -74,7 +74,7 @@ func NewVulnTestInfoBasic(inputFile string, listFormat string, resultExpectedErr
// -------------------------------------------
// Vuln. list test helper functions
// -------------------------------------------
-func innerBufferedTestVulnList(t *testing.T, testInfo *VulnTestInfo, whereFilters []common.WhereFilter, flags utils.VulnerabilityCommandFlags) (outputBuffer bytes.Buffer, err error) {
+func innerBufferedTestVulnList(testInfo *VulnTestInfo, whereFilters []common.WhereFilter, flags utils.VulnerabilityCommandFlags) (outputBuffer bytes.Buffer, err error) {
// Declare an output outputBuffer/outputWriter to use used during tests
var outputWriter = bufio.NewWriter(&outputBuffer)
// ensure all data is written to buffer before further validation
@@ -100,7 +100,7 @@ func innerTestVulnList(t *testing.T, testInfo *VulnTestInfo, flags utils.Vulnera
}
// invoke list command with a byte buffer
- outputBuffer, err = innerBufferedTestVulnList(t, testInfo, whereFilters, flags)
+ outputBuffer, err = innerBufferedTestVulnList(testInfo, whereFilters, flags)
// Run all common tests against "result" values in the CommonTestInfo struct
err = innerRunReportResultTests(t, &testInfo.CommonTestInfo, outputBuffer, err)
diff --git a/go.mod b/go.mod
index cbdaf25a..c8404a2c 100644
--- a/go.mod
+++ b/go.mod
@@ -16,6 +16,7 @@ require (
require (
github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/google/uuid v1.6.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
diff --git a/go.sum b/go.sum
index 753064a8..887ad518 100644
--- a/go.sum
+++ b/go.sum
@@ -7,6 +7,8 @@ github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f h1:7LYC+Yfkj3CTRcShK0KOL/w6iTiKyqqBA9a41Wnggw8=
github.com/hokaccha/go-prettyjson v0.0.0-20211117102719-0474bc63780f/go.mod h1:pFlLw2CfqZiIBOx6BuCeRLCrfxBJipTY0nIOF/VbGcI=
github.com/iancoleman/orderedmap v0.3.0 h1:5cbR2grmZR/DiVt+VJopEhtVs9YGInGIxAoMJn+Ichc=
diff --git a/schema/bom.go b/schema/bom.go
index 70ca4504..aeb02217 100644
--- a/schema/bom.go
+++ b/schema/bom.go
@@ -122,7 +122,6 @@ func (bom *BOM) GetFilename() string {
}
func (bom *BOM) GetFilenameInterpolated() string {
-
if bom.filename == INPUT_TYPE_STDIN {
return "stdin"
}
@@ -141,14 +140,14 @@ func (bom *BOM) GetCdxMetadata() (pMetadata *CDXMetadata) {
if bom := bom.GetCdxBom(); bom != nil {
pMetadata = bom.Metadata
}
- return pMetadata
+ return
}
func (bom *BOM) GetCdxMetadataComponent() (pComponent *CDXComponent) {
if metadata := bom.GetCdxMetadata(); metadata != nil {
pComponent = metadata.Component
}
- return pComponent
+ return
}
func (bom *BOM) GetCdxMetadataLicenses() (licenses *[]CDXLicenseChoice) {
@@ -326,7 +325,7 @@ func (bom *BOM) UnmarshalCycloneDXBOM() (err error) {
getLogger().Enter()
defer getLogger().Exit()
- // Unmarshal as a JSON Map if not done already
+ // Unmarshal as a JSON Map, if not done already
if bom.JsonMap == nil {
if err = bom.UnmarshalBOMAsJSONMap(); err != nil {
return
diff --git a/schema/bom_hash.go b/schema/bom_hash.go
index ac07439a..3f15328b 100644
--- a/schema/bom_hash.go
+++ b/schema/bom_hash.go
@@ -35,7 +35,7 @@ import (
// This hashes all components regardless where in the BOM document structure
// they are declared. This includes both the top-level metadata component
// (i.e., the subject of the BOM) as well as the components array.
-func (bom *BOM) HashComponentResources(whereFilters []common.WhereFilter) (err error) {
+func (bom *BOM) HashmapComponentResources(whereFilters []common.WhereFilter) (err error) {
getLogger().Enter()
defer func() {
if panicInfo := recover(); panicInfo != nil {
@@ -47,7 +47,7 @@ func (bom *BOM) HashComponentResources(whereFilters []common.WhereFilter) (err e
// Hash the top-level component declared in the BOM metadata
pMetadataComponent := bom.GetCdxMetadataComponent()
if pMetadataComponent != nil {
- _, err = bom.HashComponent(*pMetadataComponent, whereFilters, true)
+ _, err = bom.HashmapComponent(*pMetadataComponent, whereFilters, true)
if err != nil {
return
}
@@ -57,7 +57,7 @@ func (bom *BOM) HashComponentResources(whereFilters []common.WhereFilter) (err e
pComponents := bom.GetCdxComponents()
if pComponents != nil && len(*pComponents) > 0 {
//if components := bom.GetCdxComponents(); len(*components) > 0 {
- if err = bom.HashComponents(*pComponents, whereFilters, false); err != nil {
+ if err = bom.HashmapComponents(*pComponents, whereFilters, false); err != nil {
return
}
}
@@ -65,11 +65,11 @@ func (bom *BOM) HashComponentResources(whereFilters []common.WhereFilter) (err e
}
// TODO: use pointer for []CDXComponent
-func (bom *BOM) HashComponents(components []CDXComponent, whereFilters []common.WhereFilter, root bool) (err error) {
+func (bom *BOM) HashmapComponents(components []CDXComponent, whereFilters []common.WhereFilter, root bool) (err error) {
getLogger().Enter()
defer getLogger().Exit(err)
for _, cdxComponent := range components {
- _, err = bom.HashComponent(cdxComponent, whereFilters, root)
+ _, err = bom.HashmapComponent(cdxComponent, whereFilters, root)
if err != nil {
return
}
@@ -80,7 +80,7 @@ func (bom *BOM) HashComponents(components []CDXComponent, whereFilters []common.
// Hash a CDX Component and recursively those of any "nested" components
// TODO: we should WARN if version is not a valid semver (e.g., examples/cyclonedx/BOM/laravel-7.12.0/bom.1.3.json)
// TODO: Use pointer for CDXComponent
-func (bom *BOM) HashComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, root bool) (hashed bool, err error) {
+func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, root bool) (hashed bool, err error) {
getLogger().Enter()
defer getLogger().Exit(err)
var resourceInfo CDXResourceInfo
@@ -137,7 +137,7 @@ func (bom *BOM) HashComponent(cdxComponent CDXComponent, whereFilters []common.W
// Recursively hash licenses for all child components (i.e., hierarchical composition)
pComponent := cdxComponent.Components
if pComponent != nil && len(*pComponent) > 0 {
- err = bom.HashComponents(*cdxComponent.Components, whereFilters, root)
+ err = bom.HashmapComponents(*cdxComponent.Components, whereFilters, root)
if err != nil {
return
}
@@ -149,13 +149,13 @@ func (bom *BOM) HashComponent(cdxComponent CDXComponent, whereFilters []common.W
// Services
// -------------------
-func (bom *BOM) HashServiceResources(whereFilters []common.WhereFilter) (err error) {
+func (bom *BOM) HashmapServiceResources(whereFilters []common.WhereFilter) (err error) {
getLogger().Enter()
defer getLogger().Exit(err)
pServices := bom.GetCdxServices()
if pServices != nil && len(*pServices) > 0 {
- if err = bom.HashServices(*pServices, whereFilters); err != nil {
+ if err = bom.HashmapServices(*pServices, whereFilters); err != nil {
return
}
}
@@ -163,12 +163,12 @@ func (bom *BOM) HashServiceResources(whereFilters []common.WhereFilter) (err err
}
// TODO: use pointer for []CDXService
-func (bom *BOM) HashServices(services []CDXService, whereFilters []common.WhereFilter) (err error) {
+func (bom *BOM) HashmapServices(services []CDXService, whereFilters []common.WhereFilter) (err error) {
getLogger().Enter()
defer getLogger().Exit(err)
for _, cdxService := range services {
- _, err = bom.HashService(cdxService, whereFilters)
+ _, err = bom.HashmapService(cdxService, whereFilters)
if err != nil {
return
}
@@ -178,7 +178,7 @@ func (bom *BOM) HashServices(services []CDXService, whereFilters []common.WhereF
// Hash a CDX Component and recursively those of any "nested" components
// TODO: use pointer for CDXService
-func (bom *BOM) HashService(cdxService CDXService, whereFilters []common.WhereFilter) (hashed bool, err error) {
+func (bom *BOM) HashmapService(cdxService CDXService, whereFilters []common.WhereFilter) (hashed bool, err error) {
getLogger().Enter()
defer getLogger().Exit(err)
var resourceInfo CDXResourceInfo
@@ -236,7 +236,7 @@ func (bom *BOM) HashService(cdxService CDXService, whereFilters []common.WhereFi
// Recursively hash licenses for all child components (i.e., hierarchical composition)
pServices := cdxService.Services
if pServices != nil && len(*pServices) > 0 {
- err = bom.HashServices(*pServices, whereFilters)
+ err = bom.HashmapServices(*pServices, whereFilters)
if err != nil {
return
}
@@ -248,7 +248,7 @@ func (bom *BOM) HashService(cdxService CDXService, whereFilters []common.WhereFi
// Licenses
// -------------------
-func (bom *BOM) HashLicenseInfo(policyConfig *LicensePolicyConfig, key string, licenseInfo LicenseInfo, whereFilters []common.WhereFilter) (hashed bool, err error) {
+func (bom *BOM) HashmapLicenseInfo(policyConfig *LicensePolicyConfig, key string, licenseInfo LicenseInfo, whereFilters []common.WhereFilter) (hashed bool, err error) {
if reflect.DeepEqual(licenseInfo, LicenseInfo{}) {
getLogger().Warning("empty license object found")
@@ -292,14 +292,14 @@ func (bom *BOM) HashLicenseInfo(policyConfig *LicensePolicyConfig, key string, l
// Vulnerabilities
// -------------------
-func (bom *BOM) HashVulnerabilityResources(whereFilters []common.WhereFilter) (err error) {
+func (bom *BOM) HashmapVulnerabilityResources(whereFilters []common.WhereFilter) (err error) {
getLogger().Enter()
defer getLogger().Exit(err)
pVulnerabilities := bom.GetCdxVulnerabilities()
if pVulnerabilities != nil && len(*pVulnerabilities) > 0 {
- if err = bom.HashVulnerabilities(*pVulnerabilities, whereFilters); err != nil {
+ if err = bom.HashmapVulnerabilities(*pVulnerabilities, whereFilters); err != nil {
return
}
}
@@ -308,12 +308,12 @@ func (bom *BOM) HashVulnerabilityResources(whereFilters []common.WhereFilter) (e
// We need to hash our own informational structure around the CDX data in order
// to simplify --where queries to command line users
-func (bom *BOM) HashVulnerabilities(vulnerabilities []CDXVulnerability, whereFilters []common.WhereFilter) (err error) {
+func (bom *BOM) HashmapVulnerabilities(vulnerabilities []CDXVulnerability, whereFilters []common.WhereFilter) (err error) {
getLogger().Enter()
defer getLogger().Exit(err)
for _, cdxVulnerability := range vulnerabilities {
- _, err = bom.HashVulnerability(cdxVulnerability, whereFilters)
+ _, err = bom.HashmapVulnerability(cdxVulnerability, whereFilters)
if err != nil {
return
}
@@ -323,7 +323,7 @@ func (bom *BOM) HashVulnerabilities(vulnerabilities []CDXVulnerability, whereFil
// Hash a CDX Component and recursively those of any "nested" components
// TODO we should WARN if version is not a valid semver (e.g., examples/cyclonedx/BOM/laravel-7.12.0/bom.1.3.json)
-func (bom *BOM) HashVulnerability(cdxVulnerability CDXVulnerability, whereFilters []common.WhereFilter) (hashed bool, err error) {
+func (bom *BOM) HashmapVulnerability(cdxVulnerability CDXVulnerability, whereFilters []common.WhereFilter) (hashed bool, err error) {
getLogger().Enter()
defer getLogger().Exit(err)
var vulnInfo VulnerabilityInfo
diff --git a/schema/bom_hash_test.go b/schema/bom_hash_test.go
index 405c1a83..b72dfdf0 100644
--- a/schema/bom_hash_test.go
+++ b/schema/bom_hash_test.go
@@ -227,7 +227,7 @@ func TestHashCDXComponentEmpty(t *testing.T) {
return
}
- _, err = document.HashComponent(*component, nil, false)
+ _, err = document.HashmapComponent(*component, nil, false)
if err != nil {
t.Error(err)
return
@@ -254,7 +254,7 @@ func TestHashCDXComponentNameOnly(t *testing.T) {
return
}
- _, err = document.HashComponent(*component, nil, false)
+ _, err = document.HashmapComponent(*component, nil, false)
if err != nil {
t.Error(err)
return
@@ -281,7 +281,7 @@ func TestHashCDXComponentFull(t *testing.T) {
return
}
- _, err = document.HashComponent(*component, nil, false)
+ _, err = document.HashmapComponent(*component, nil, false)
if err != nil {
t.Error(err)
return
@@ -309,7 +309,7 @@ func TestHashCDXComponentsSlice(t *testing.T) {
}
if components != nil {
- err = document.HashComponents(*components, nil, false)
+ err = document.HashmapComponents(*components, nil, false)
if err != nil {
t.Error(err)
return
@@ -320,7 +320,7 @@ func TestHashCDXComponentsSlice(t *testing.T) {
func TestHashZeroCDXComponentStruct(t *testing.T) {
cdxComponent := new(CDXComponent)
document := NewBOM("")
- hashed, err := document.HashComponent(*cdxComponent, nil, false)
+ hashed, err := document.HashmapComponent(*cdxComponent, nil, false)
if err != nil {
t.Error(err)
return
@@ -355,7 +355,7 @@ func TestHashCDXServicesSlice(t *testing.T) {
return
}
- err = document.HashServices(*services, nil)
+ err = document.HashmapServices(*services, nil)
if err != nil {
t.Error(err)
return
@@ -365,7 +365,7 @@ func TestHashCDXServicesSlice(t *testing.T) {
func TestHashZeroCDXServiceStruct(t *testing.T) {
cdxService := new(CDXService)
document := NewBOM("")
- hashed, err := document.HashService(*cdxService, nil)
+ hashed, err := document.HashmapService(*cdxService, nil)
if err != nil {
t.Error(err)
return
@@ -397,7 +397,7 @@ func TestHashCDXVulnerabilitiesSlice(t *testing.T) {
return
}
- err = document.HashVulnerabilities(*vulnerabilities, nil)
+ err = document.HashmapVulnerabilities(*vulnerabilities, nil)
if err != nil {
t.Error(err)
return
@@ -412,7 +412,7 @@ func TestHashCDXVulnerabilitiesSlice(t *testing.T) {
func TestHashZeroCDXVulnerabilityStruct(t *testing.T) {
cdxVulnerability := new(CDXVulnerability)
document := NewBOM("")
- hashed, err := document.HashVulnerability(*cdxVulnerability, nil)
+ hashed, err := document.HashmapVulnerability(*cdxVulnerability, nil)
if err != nil {
t.Error(err)
return
@@ -431,7 +431,7 @@ func TestHashZeroCDXVulnerabilityStruct(t *testing.T) {
func TestHashZeroCDXLicenseInfoStruct(t *testing.T) {
cdxLicenseInfo := new(LicenseInfo)
document := NewBOM("")
- hashed, err := document.HashLicenseInfo(nil, "foo", *cdxLicenseInfo, nil)
+ hashed, err := document.HashmapLicenseInfo(nil, "foo", *cdxLicenseInfo, nil)
// HashLicenseInfo(bom *schema.BOM, policyConfig *schema.LicensePolicyConfig, key string, licenseInfo schema.LicenseInfo, whereFilters []common.WhereFilter) (hashed bool)
if err != nil {
t.Error(err)
diff --git a/schema/cyclonedx.go b/schema/cyclonedx.go
index 8317ab60..5298af41 100644
--- a/schema/cyclonedx.go
+++ b/schema/cyclonedx.go
@@ -15,7 +15,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package schema
const (
@@ -75,49 +74,51 @@ type CDXMetadata struct {
// v1.4: added: "releaseNotes", "signature"
// v1.4: changed: "version" no longer required
// v1.4: deprecated: "modified", "cpe", "swid"
-// v1.5: added
+// v1.5: added "modelCard", (component)"data"
// Note: "bom-ref" is a "refType" which is a constrained `string`
// TODO: "mime-type" SHOULD become "media-type" which is more modern/inclusive
// TODO: Remove "service" from "Type" enum. as "service" now exists (deprecate in future versions)
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXComponent struct {
- Primary bool `json:"-"` // Proprietary: do NOT marshal/unmarshal
- Type string `json:"type,omitempty"` // Constraint: enum [see schema]
- MimeType string `json:"mime-type,omitempty"`
- BOMRef *CDXRefType `json:"bom-ref,omitempty"`
- Supplier *CDXOrganizationalEntity `json:"supplier,omitempty"`
- Author string `json:"author,omitempty"`
- Publisher string `json:"publisher,omitempty"`
- Group string `json:"group,omitempty"`
- Name string `json:"name,omitempty"`
- Version string `json:"version,omitempty"`
- Description string `json:"description,omitempty"`
- Scope string `json:"scope,omitempty"` // Constraint: "enum": ["required","optional","excluded"]
- Hashes *[]CDXHash `json:"hashes,omitempty"`
- Licenses *[]CDXLicenseChoice `json:"licenses,omitempty"`
- Copyright string `json:"copyright,omitempty"`
- Cpe string `json:"cpe,omitempty"` // See: https://nvd.nist.gov/products/cpe
- Purl string `json:"purl,omitempty" scvs:"bom:resource:identifiers:purl"` // See: https://github.com/package-url/purl-spec
- Swid *CDXSwid `json:"swid,omitempty"` // See: https://www.iso.org/standard/65666.html
- Pedigree *CDXPedigree `json:"pedigree,omitempty"` // anon. type
- ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
- Components *[]CDXComponent `json:"components,omitempty"`
- Evidence *CDXComponentEvidence `json:"evidence,omitempty"` // v1.3: added
- Properties *[]CDXProperty `json:"properties,omitempty"` // v1.3: added
- Modified bool `json:"modified,omitempty" cdx:"deprecated"` // v1.4: deprecated
- ReleaseNotes *[]CDXReleaseNotes `json:"releaseNotes,omitempty"` // v1.4: added
- Signature *JSFSignature `json:"signature,omitempty"` // v1.4: added
- ModelCard *CDXModelCard `json:"modelCard,omitempty"` // v1.5: added
- Data *[]CDXComponentData `json:"data,omitempty"` // v1.5: added
+ Primary bool `json:"-"` // Proprietary: do NOT marshal/unmarshal
+ Type string `json:"type,omitempty"` // Constraint: enum [see schema]
+ Name string `json:"name,omitempty"`
+ Version string `json:"version,omitempty"`
+ Description string `json:"description,omitempty"`
+ Group string `json:"group,omitempty"`
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"`
+ MimeType string `json:"mime-type,omitempty"`
+ Supplier *CDXOrganizationalEntity `json:"supplier,omitempty"`
+ Author string `json:"author,omitempty"`
+ Publisher string `json:"publisher,omitempty"`
+ Scope string `json:"scope,omitempty"` // Constraint: "enum": ["required","optional","excluded"]
+ Hashes *[]CDXHash `json:"hashes,omitempty"`
+ Licenses *[]CDXLicenseChoice `json:"licenses,omitempty"`
+ Copyright string `json:"copyright,omitempty"`
+ Cpe string `json:"cpe,omitempty"` // See: https://nvd.nist.gov/products/cpe
+ Purl string `json:"purl,omitempty" scvs:"bom:resource:identifiers:purl"` // See: https://github.com/package-url/purl-spec
+ Swid *CDXSwid `json:"swid,omitempty"` // See: https://www.iso.org/standard/65666.html
+ Pedigree *CDXPedigree `json:"pedigree,omitempty"` // anon. type
+ ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
+ Components *[]CDXComponent `json:"components,omitempty"`
+ Evidence *CDXComponentEvidence `json:"evidence,omitempty"` // v1.3: added
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.3: added
+ Modified bool `json:"modified,omitempty" cdx:"deprecated"` // v1.4: deprecated
+ ReleaseNotes *[]CDXReleaseNotes `json:"releaseNotes,omitempty"` // v1.4: added
+ Signature *JSFSignature `json:"signature,omitempty"` // v1.4: added
+ ModelCard *CDXModelCard `json:"modelCard,omitempty"` // v1.5: added
+ Data *[]CDXComponentData `json:"data,omitempty"` // v1.5: added
+ Authors *[]CDXOrganizationalContact `json:"authors,omitempty"` // v1.6: added
+ Tags *[]string `json:"tags,omitempty" cdx:"+1.6"` // v1.6: added
}
-// v1.5 added
+// v1.5 added object
// The general theme or subject matter of the data being specified.
// TODO: "contents" is plural, but it is not an array
type CDXComponentData struct {
- BOMRef *CDXRefType `json:"bom-ref,omitempty"`
Type string `json:"type,omitempty"` // Constraint: "enum": ["source-code","configuration","dataset","definition","other"]
Name string `json:"name,omitempty"`
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"`
Contents *CDXContent `json:"contents,omitempty"`
Classification *CDXDataClassification `json:"classification,omitempty"`
SensitiveData []string `json:"sensitiveData,omitempty"`
@@ -126,10 +127,10 @@ type CDXComponentData struct {
Governance *CDXDataGovernance `json:"governance,omitempty"`
}
-// v1.5 added
+// v1.5 added object
type CDXContent struct {
- Attachment *CDXAttachment `json:"attachment,omitempty"`
Url string `json:"url,omitempty"`
+ Attachment *CDXAttachment `json:"attachment,omitempty"`
Properties *[]CDXProperty `json:"properties,omitempty"`
}
@@ -140,7 +141,7 @@ type CDXDataGovernance struct {
Owners *[]CDXDataGovernanceResponsibleParty `json:"owners,omitempty"`
}
-// v1.5 added
+// v1.5 added structure
// Constraints: "oneOf": ["organization", "contact"]
type CDXDataGovernanceResponsibleParty struct {
Organization *CDXOrganizationalEntity `json:"organization,omitempty"`
@@ -161,12 +162,12 @@ type CDXDataGovernanceResponsibleParty struct {
// validate a v1.2 SBOM wit the anon. type parses properly
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXService struct {
- BOMRef *CDXRefType `json:"bom-ref,omitempty"`
Provider *CDXOrganizationalEntity `json:"provider,omitempty"`
- Group string `json:"group,omitempty"`
Name string `json:"name,omitempty"`
Version string `json:"version,omitempty"`
Description string `json:"description,omitempty"`
+ Group string `json:"group,omitempty"`
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"`
Endpoints *[]string `json:"endpoints,omitempty"`
Authenticated bool `json:"authenticated,omitempty"`
XTrustBoundary bool `json:"x-trust-boundary,omitempty"`
@@ -175,9 +176,10 @@ type CDXService struct {
Licenses *[]CDXLicenseChoice `json:"licenses,omitempty"`
ExternalReferences *[]CDXExternalReference `json:"externalReferences,omitempty"`
Services *[]CDXService `json:"services,omitempty"`
- Properties *[]CDXProperty `json:"properties,omitempty"` // v1.3: added
- ReleaseNotes *[]CDXReleaseNotes `json:"releaseNotes,omitempty"` // v1.4: added
- Signature *JSFSignature `json:"signature,omitempty"` // v1.4: added
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.3: added
+ ReleaseNotes *[]CDXReleaseNotes `json:"releaseNotes,omitempty"` // v1.4: added
+ Signature *JSFSignature `json:"signature,omitempty"` // v1.4: added
+ Tags *[]string `json:"tags,omitempty" cdx:"+1.6"` // v1.6: added
}
// v1.5: added. aggregated related date from v1.2-v1.4 and added additional fields
@@ -229,29 +231,33 @@ type CDXLicenseChoice struct {
CDXLicenseExpression
}
-// v1.5: added
+// v1.5: added structure
+// v1.6: added Acknowledgment
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXLicenseExpression struct {
- Expression string `json:"expression,omitempty"`
- BOMRef *CDXRefType `json:"bom-ref,omitempty"`
+ Expression string `json:"expression,omitempty"`
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"`
+ Acknowledgement string `json:"acknowledgement,omitempty"` // v1.6: added
}
// v1.2: was an anon. type
// v1.3: created
+// v1.6: added Acknowledgment
// Note: "id" SHOULD be an SPDX license ID
// Note: "oneOf": ["id", "name"] is required
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXLicense struct {
- Id string `json:"id,omitempty"`
- Name string `json:"name,omitempty"`
- Text *CDXAttachment `json:"text,omitempty"`
- Url string `json:"url,omitempty"`
- BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5: added
- Licensing *CDXLicensing `json:"licensing,omitempty"` // v1.5: added
- Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5: added
+ Id string `json:"id,omitempty"`
+ Name string `json:"name,omitempty"`
+ Text *CDXAttachment `json:"text,omitempty"`
+ Url string `json:"url,omitempty"`
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5: added
+ Licensing *CDXLicensing `json:"licensing,omitempty"` // v1.5: added
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5: added
+ Acknowledgement string `json:"acknowledgement,omitempty"` // v1.6: added
}
-// v1.5: added
+// v1.5: added object
type CDXLicensing struct {
AltIds *[]string `json:"altIds,omitempty"`
Licensor *CDXLicenseLegalParty `json:"licensor,omitempty"`
@@ -322,9 +328,9 @@ type CDXIdentifiableAction struct {
// v1.3: added "hashes"
// v1.4: `Type` field: added value "release-notes" to enum.
type CDXExternalReference struct {
+ Type string `json:"type,omitempty"`
Url string `json:"url,omitempty"`
Comment string `json:"comment,omitempty"`
- Type string `json:"type,omitempty"`
Hashes *[]CDXHash `json:"hashes,omitempty"` // v1.3: added
}
@@ -365,7 +371,10 @@ type CDXComponentEvidence struct {
// v1.4: added "signature"
// v1.5: added "bom-ref", "vulnerabilities"
// Note: "aggregate" is type `aggregateType` which is a constrained string
-// TODO: Should not be plural; open issue against v2.0 schema
+// TODO: Note: "Assemblies" is really an array of OneOf: "refLinkType" or "bomLinkElementType"
+// which BOTH thankfully mapping to "string"; however, this MAY need to become an "interface{}"
+// similar to "tools" has become.
+// TODO: Should NOT be plural; open issue against v2.0 schema
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXCompositions struct {
Aggregate string `json:"aggregate,omitempty"`
diff --git a/schema/cyclonedx_formulation.go b/schema/cyclonedx_formulation.go
index 0a9236bf..8c1ca57f 100644
--- a/schema/cyclonedx_formulation.go
+++ b/schema/cyclonedx_formulation.go
@@ -21,53 +21,53 @@ package schema
// v1.5: added
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXFormula struct {
- BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
- Components []CDXComponent `json:"components,omitempty"` // v1.5
- Services []CDXService `json:"services,omitempty"` // v1.5
- Workflows []CDXWorkflow `json:"workflows,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5
+ Components *[]CDXComponent `json:"components,omitempty"` // v1.5
+ Services *[]CDXService `json:"services,omitempty"` // v1.5
+ Workflows *[]CDXWorkflow `json:"workflows,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
// NOTE: CDXRefType is a named `string` type as of v1.5
-type CDXWorkflow struct {
- BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
- Uid string `json:"uid,omitempty"` // v1.5
- Name string `json:"name,omitempty"` // v1.5
- Description string `json:"description,omitempty"` // v1.5
- ResourceReferences []CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
- Tasks []CDXTask `json:"tasks,omitempty"` // v1.5
- TaskDependencies []CDXDependency `json:"taskDependencies,omitempty"` // v1.5
- TaskTypes []CDXTaskType `json:"taskTypes,omitempty"` // v1.5
- Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
- Steps []CDXStep `json:"steps,omitempty"` // v1.5
- Inputs []CDXInputType `json:"inputs,omitempty"` // v1.5
- Outputs []CDXOutputType `json:"outputs,omitempty"` // v1.5
- TimeStart string `json:"timeStart,omitempty"` // v1.5
- TimeEnd string `json:"timeEnd,omitempty"` // v1.5
- Workspaces []CDXWorkspace `json:"workspaces,omitempty"` // v1.5
- RuntimeTopology []CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+type CDXWorkflow struct { // v1.5
+ Uid string `json:"uid,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"`
+ Description string `json:"description,omitempty"` // v1.5
+ ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
+ Tasks *[]CDXTask `json:"tasks,omitempty"` // v1.5
+ TaskDependencies *[]CDXDependency `json:"taskDependencies,omitempty"` // v1.5
+ TaskTypes *[]CDXTaskType `json:"taskTypes,omitempty"` // v1.5
+ Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
+ Steps *[]CDXStep `json:"steps,omitempty"` // v1.5
+ Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
+ Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
+ TimeStart string `json:"timeStart,omitempty"` // v1.5
+ TimeEnd string `json:"timeEnd,omitempty"` // v1.5
+ Workspaces *[]CDXWorkspace `json:"workspaces,omitempty"` // v1.5
+ RuntimeTopology *[]CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXTask struct {
- BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
- Uid string `json:"uid,omitempty"` // v1.5
- Name string `json:"name,omitempty"` // v1.5
- Description string `json:"description,omitempty"` // v1.5
- ResourceReferences []CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
- TaskTypes []CDXTaskType `json:"taskTypes,omitempty"` // v1.5
- Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
- Steps []CDXStep `json:"steps,omitempty"` // v1.5
- Inputs []CDXInputType `json:"inputs,omitempty"` // v1.5
- Outputs []CDXOutputType `json:"outputs,omitempty"` // v1.5
- TimeStart string `json:"timeStart,omitempty"` // v1.5
- TimeEnd string `json:"timeEnd,omitempty"` // v1.5
- Workspaces []CDXWorkspace `json:"workspaces,omitempty"` // v1.5
- RuntimeTopology []CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.5
+ Uid string `json:"uid,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ Description string `json:"description,omitempty"` // v1.5
+ ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
+ TaskTypes *[]CDXTaskType `json:"taskTypes,omitempty"` // v1.5
+ Trigger CDXTrigger `json:"trigger,omitempty"` // v1.5
+ Steps *[]CDXStep `json:"steps,omitempty"` // v1.5
+ Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
+ Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
+ TimeStart string `json:"timeStart,omitempty"` // v1.5
+ TimeEnd string `json:"timeEnd,omitempty"` // v1.5
+ Workspaces *[]CDXWorkspace `json:"workspaces,omitempty"` // v1.5
+ RuntimeTopology *[]CDXDependency `json:"runtimeTopology,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
@@ -76,61 +76,61 @@ type CDXTaskType string // v1.5
// v1.5: added
type CDXStep struct {
- Name string `json:"name,omitempty"` // v1.5
- Description string `json:"description,omitempty"` // v1.5
- Commands []CDXCommand `json:"commands,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ Description string `json:"description,omitempty"` // v1.5
+ Commands *[]CDXCommand `json:"commands,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
type CDXCommand struct {
- Executed bool `json:"executed,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Executed bool `json:"executed,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXWorkspace struct {
- BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
- Uid string `json:"uid,omitempty"` // v1.5
- Name string `json:"name,omitempty"` // v1.5
- Aliases []string `json:"aliases,omitempty"` // v1.5
- Description string `json:"description,omitempty"` // v1.5
- ResourceReferences []CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
- AccessMode string `json:"accessMode,omitempty"` // v1.5
- MountPath string `json:"mountPath,omitempty"` // v1.5
- ManagedDataType string `json:"managedDataType,omitempty"` // v1.5
- VolumeRequest string `json:"volumeRequest,omitempty"` // v1.5
- Volume CDXVolume `json:"volume,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
+ Uid string `json:"uid,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ Aliases *[]string `json:"aliases,omitempty"` // v1.5
+ Description string `json:"description,omitempty"` // v1.5
+ ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
+ AccessMode string `json:"accessMode,omitempty"` // v1.5
+ MountPath string `json:"mountPath,omitempty"` // v1.5
+ ManagedDataType string `json:"managedDataType,omitempty"` // v1.5
+ VolumeRequest string `json:"volumeRequest,omitempty"` // v1.5
+ Volume CDXVolume `json:"volume,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXVolume struct {
- Uid string `json:"uid,omitempty"` // v1.5
- Name string `json:"name,omitempty"` // v1.5
- Mode string `json:"mode,omitempty"` // v1.5
- Path string `json:"path,omitempty"` // v1.5
- SizeAllocated string `json:"sizeAllocated,omitempty"` // v1.5
- Persistent bool `json:"persistent,omitempty"` // v1.5
- Remote bool `json:"remote,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Uid string `json:"uid,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ Mode string `json:"mode,omitempty"` // v1.5
+ Path string `json:"path,omitempty"` // v1.5
+ SizeAllocated string `json:"sizeAllocated,omitempty"` // v1.5
+ Persistent bool `json:"persistent,omitempty"` // v1.5
+ Remote bool `json:"remote,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
type CDXTrigger struct {
- BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
- Uid string `json:"uid,omitempty"` // v1.5
- Name string `json:"name,omitempty"` // v1.5
- Description string `json:"description,omitempty"` // v1.5
- ResourceReferences []CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
- Type string `json:"type,omitempty"` // v1.5 // "enum": ["manual", "api", "webhook","scheduled"]
- Event CDXEvent `json:"event,omitempty"` // v1.5
- Condition CDXCondition `json:"condition,omitempty"` // v1.5
- TimeActivated string `json:"timeActivated,omitempty"` // v1.5
- Inputs []CDXInputType `json:"inputs,omitempty"` // v1.5
- Outputs []CDXOutputType `json:"outputs,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ BOMRef CDXRefType `json:"bom-ref,omitempty"` // v1.5
+ Uid string `json:"uid,omitempty"` // v1.5
+ Name string `json:"name,omitempty"` // v1.5
+ Description string `json:"description,omitempty"` // v1.5
+ ResourceReferences *[]CDXResourceReferenceChoice `json:"resourceReferences,omitempty"` // v1.5
+ Type string `json:"type,omitempty"` // v1.5 // "enum": ["manual", "api", "webhook","scheduled"]
+ Event CDXEvent `json:"event,omitempty"` // v1.5
+ Condition CDXCondition `json:"condition,omitempty"` // v1.5
+ TimeActivated string `json:"timeActivated,omitempty"` // v1.5
+ Inputs *[]CDXInputType `json:"inputs,omitempty"` // v1.5
+ Outputs *[]CDXOutputType `json:"outputs,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
type CDXEvent struct {
@@ -140,7 +140,7 @@ type CDXEvent struct {
Data CDXAttachment `json:"data,omitempty"` // v1.5
Source CDXResourceReferenceChoice `json:"source,omitempty"` // v1.5
Target CDXResourceReferenceChoice `json:"target,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
@@ -150,9 +150,9 @@ type CDXInputType struct {
Target CDXResourceReferenceChoice `json:"target,omitempty"` // v1.5
Resource CDXResourceReferenceChoice `json:"resource,omitempty"` // v1.5
Data CDXAttachment `json:"data,omitempty"` // v1.5
- Parameters []CDXParameter `json:"parameters,omitempty"` // v1.5
- EnvironmentVars []interface{} `json:"environmentVars,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Parameters *[]CDXParameter `json:"parameters,omitempty"` // v1.5
+ EnvironmentVars *[]interface{} `json:"environmentVars,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
@@ -163,8 +163,8 @@ type CDXOutputType struct {
Target CDXResourceReferenceChoice `json:"target,omitempty"` // v1.5
Resource CDXResourceReferenceChoice `json:"resource,omitempty"` // v1.5
Data CDXAttachment `json:"data,omitempty"` // v1.5
- EnvironmentVars []interface{} `json:"environmentVars,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ EnvironmentVars *[]interface{} `json:"environmentVars,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
@@ -177,9 +177,9 @@ type CDXResourceReferenceChoice struct {
// v1.5: added
type CDXCondition struct {
- Description string `json:"description,omitempty"` // v1.5
- Expression string `json:"expression,omitempty"` // v1.5
- Properties []CDXProperty `json:"properties,omitempty"` // v1.5
+ Description string `json:"description,omitempty"` // v1.5
+ Expression string `json:"expression,omitempty"` // v1.5
+ Properties *[]CDXProperty `json:"properties,omitempty"` // v1.5
}
// v1.5: added
diff --git a/schema/cyclonedx_normalize.go b/schema/cyclonedx_normalize.go
new file mode 100644
index 00000000..fcdca9cc
--- /dev/null
+++ b/schema/cyclonedx_normalize.go
@@ -0,0 +1,681 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package schema
+
+import (
+ "sort"
+
+ "github.com/google/uuid"
+)
+
+// named BOM slice types
+type CDXAnnotationSlice []CDXAnnotation
+type CDXComponentDataSlice []CDXComponentData
+type CDXComponentSlice []CDXComponent
+type CDXCompositionSlice []CDXCompositions
+type CDXDependencySlice []CDXDependency
+type CDXExternalReferenceSlice []CDXExternalReference
+type CDXHashSlice []CDXHash
+type CDXLicenseChoiceSlice []CDXLicenseChoice
+type CDXLicenseSlice []CDXLicense // TODO: used in CDXComponentEvidence
+type CDXOrganizationalContactSlice []CDXOrganizationalContact
+type CDXOrganizationalEntitySlice []CDXOrganizationalEntity
+type CDXPropertySlice []CDXProperty
+type CDXRefLinkTypeSlice []CDXRefLinkType
+type CDXReleaseNotesSlice []CDXReleaseNotes
+type CDXServiceSlice []CDXService
+type CDXVersionRangeSlice []CDXVersionRange
+
+// ====================================================================
+// Normalizer Interface (and helpers)
+// ====================================================================
+type Normalizer interface {
+ Normalize()
+}
+
+// TODO: Would like to use type reflection to "walk" a CDXBom{} type hierarchy,
+// and normalize each element by calling its "Normalizer" interface IFF it is supported.
+// For example:
+// > if normalizeSupported(bom.Element) {
+// > bom.Element.Normalize()
+// >}
+
+// **NOTE** this method is a generic means to test for ANY named interface
+func interfaceSupported[T any](i T, itfc interface{}) bool {
+ if itfc != nil {
+ _, ok := itfc.(T)
+ return ok
+ }
+ return false
+}
+
+// This is a wrapper to test specifically for the Normalize interface
+func NormalizeSupported(itfc interface{}) bool {
+ return interfaceSupported(Normalizer(nil), itfc)
+}
+
+// ====================================================================
+// Normalization (i.e., "sort by") rules:
+// ====================================================================
+// 1. Sort by: Required fields if they exist ("id" values, author order)
+// >> WRONG: 1. Sort by: The pseudo-required field "bom-ref" when available (a BOM-unique ID)
+// 1. Sort by: Using optional struct-local, or domain identifiers (e.g., SPDXID) or
+// 1. Sort by: Using combinations of identifying field values (towards 100% normalization)
+// ====================================================================
+// "Punch" list of future items:
+// - TODO: track/limit depth of recursion (in "component", "service")
+// ====================================================================
+
+// ====================================================================
+// Struct Normalizers
+// ====================================================================
+func (bom *CDXBom) Normalize() {
+ // Sort: BOM Metadata
+ if bom.Metadata != nil {
+ bom.Metadata.Normalize()
+ }
+ // Sort: Components
+ if bom.Components != nil {
+ CDXComponentSlice(*bom.Components).Normalize()
+ }
+ // Sort: Services
+ if bom.Services != nil {
+ CDXServiceSlice(*bom.Services).Normalize()
+ }
+ // Sort: Dependencies
+ if bom.Dependencies != nil {
+ CDXDependencySlice(*bom.Dependencies).Normalize()
+ }
+ // Sort: Vulnerabilities
+ if bom.Vulnerabilities != nil {
+ CDXVulnerabilitySlice(*bom.Vulnerabilities).Normalize()
+ }
+ // Sort Formulation
+ if bom.Formulation != nil {
+ CDXFormulaSlice(*bom.Formulation).Normalize()
+ }
+ // Sort: Annotations
+ if bom.Annotations != nil {
+ CDXAnnotationSlice(*bom.Annotations).Normalize()
+ }
+ // Sort: ExternalReferences
+ if bom.ExternalReferences != nil {
+ CDXExternalReferenceSlice(*bom.ExternalReferences).Normalize()
+ }
+ // Sort: Properties
+ if bom.Properties != nil {
+ CDXPropertySlice(*bom.Properties).Normalize()
+ }
+ // TODO: Sort Compositions
+ // TODO: Sort: Declarations (v1.6)
+ // TODO: Sort: Definitions (v1.6)
+}
+
+// TODO: Sort Metadata object fields that are slices:
+// Tools interface{} `json:"tools,omitempty"` // v1.2: added.v1.5: "tools" is now an interface{}
+// Manufacturer *CDXOrganizationalEntity `json:"manufacture,omitempty"` // NOTE: Typo is in spec.
+// Supplier *CDXOrganizationalEntity `json:"supplier,omitempty"`
+// Lifecycles *[]CDXLifecycle `json:"lifecycles,omitempty"` // v1.5 added
+func (pMetadata *CDXMetadata) Normalize() {
+ if pMetadata != nil {
+ metadata := *pMetadata
+ // Sort: Component
+ if metadata.Component != nil {
+ metadata.Component.Normalize()
+ }
+ // Sort: Licenses
+ if metadata.Licenses != nil {
+ CDXLicenseChoiceSlice(*metadata.Licenses).Normalize()
+ }
+ // Sort: Properties
+ if metadata.Properties != nil {
+ CDXPropertySlice(*metadata.Properties).Normalize()
+ }
+ // Sort: Authors
+ if metadata.Authors != nil {
+ CDXOrganizationalContactSlice(*metadata.Authors).Normalize()
+ }
+ // TODO: Sort: Lifecycles
+ }
+}
+
+func (component *CDXComponent) Normalize() {
+ // Sort: Components
+ // Note: The following method is recursive
+ if component.Components != nil {
+ CDXComponentSlice(*component.Components).Normalize()
+ }
+ // Sort: Licenses
+ if component.Licenses != nil {
+ CDXLicenseChoiceSlice(*component.Licenses).Normalize()
+ }
+ // Sort: Hashes
+ if component.Hashes != nil {
+ CDXHashSlice(*component.Hashes).Normalize()
+ }
+ // Sort: Data
+ if component.Data != nil {
+ CDXComponentDataSlice(*component.Data).Normalize()
+ }
+ // Sort: ReleaseNotes
+ if component.ReleaseNotes != nil {
+ CDXReleaseNotesSlice(*component.ReleaseNotes).Normalize()
+ }
+ // Sort: ExternalReferences
+ if component.ExternalReferences != nil {
+ CDXExternalReferenceSlice(*component.ExternalReferences).Normalize()
+ }
+ // Sort: Properties
+ if component.Properties != nil {
+ CDXPropertySlice(*component.Properties).Normalize()
+ }
+ // Sort: Authors (v1.6)
+ if component.Authors != nil {
+ CDXOrganizationalContactSlice(*component.Authors).Normalize()
+ }
+ // Sort: Tags (i.e., an array of "string") (v1.6)
+ if component.Tags != nil {
+ sort.Strings(*component.Tags)
+ }
+ // TODO: Sort: Evidence
+ // TODO: Sort: ModelCard
+ // TODO: Sort: Pedigree (i.e., its Ancestors, Dependents, etc.)
+ // TODO: Sort: CryptoProperties (v1.6)
+}
+
+func (service *CDXService) Normalize() {
+ // Sort: Services
+ // Note: The following method is recursive
+ if service.Services != nil {
+ CDXServiceSlice(*service.Services).Normalize()
+ }
+ // Sort: Licenses
+ if service.Licenses != nil {
+ CDXLicenseChoiceSlice(*service.Licenses).Normalize()
+ }
+ // Sort: ReleaseNotes
+ if service.ReleaseNotes != nil {
+ CDXReleaseNotesSlice(*service.ReleaseNotes).Normalize()
+ }
+ // Sort: ExternalReferences
+ if service.ExternalReferences != nil {
+ CDXExternalReferenceSlice(*service.ExternalReferences).Normalize()
+ }
+ // Sort: Properties
+ if service.Properties != nil {
+ CDXPropertySlice(*service.Properties).Normalize()
+ }
+ // Sort: Endpoints (i.e., an array of "string")
+ if service.Endpoints != nil {
+ sort.Strings(*service.Endpoints)
+ }
+ // Sort: Tags (i.e., an array of "string") (v1.6)
+ if service.Tags != nil {
+ sort.Strings(*service.Tags)
+ }
+ // TODO: Sort: (Service) Data
+}
+
+func (licenseChoice CDXLicenseChoice) Normalize() {
+ // Sort: License (slices within)
+ if licenseChoice.License != nil {
+ licenseChoice.License.Normalize()
+ }
+}
+
+func (license CDXLicense) Normalize() {
+ // TODO: Sort: Licensing *CDXLicensing
+ // Sort: Properties
+ if license.Properties != nil {
+ CDXPropertySlice(*license.Properties).Normalize()
+ }
+ if license.Licensing != nil {
+ license.Licensing.Normalize()
+ }
+}
+
+func (licensing CDXLicensing) Normalize() {
+ // Sort: AltIds
+ if licensing.AltIds != nil {
+ sort.Strings(*licensing.AltIds)
+ }
+ // Sort: LicenseTypes
+ if licensing.LicenseTypes != nil {
+ sort.Strings(*licensing.LicenseTypes)
+ }
+}
+
+func (dependency CDXDependency) Normalize() {
+ if dependency.DependsOn != nil {
+ CDXRefLinkTypeSlice(*dependency.DependsOn).Normalize()
+ }
+}
+
+func (composition *CDXCompositions) Normalize() {
+ // Sort: Assemblies
+ if composition.Assemblies != nil {
+ // Note: "Assembly" is really OneOf: "refLinkType" or "bomLinkElementType"
+ // BOTH of which map to "string" (thankfully for now)
+ sort.Strings(*composition.Assemblies)
+ }
+ // Sort: Dependencies
+ if composition.Dependencies != nil {
+ sort.Strings(*composition.Dependencies)
+ }
+ // Sort: Vulnerabilities
+ if composition.Vulnerabilities != nil {
+ CDXVulnerabilitySlice(*composition.Vulnerabilities).Normalize()
+ }
+}
+
+func (entity *CDXOrganizationalEntity) Normalize() {
+ // Sort: Contact(s)
+ if entity.Contact != nil {
+ CDXOrganizationalContactSlice(*entity.Contact).Normalize()
+ }
+}
+
+// ====================================================================
+// Slice Normalizers
+// ====================================================================
+
+func (slice CDXComponentSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorComponent(element1, element2)
+ })
+
+ // Normalize() each entry in the Components slice
+ // Note: this causes recursion as each "Component" type has a "Components" slice.
+ for _, component := range slice {
+ component.Normalize()
+ }
+}
+
+func (slice CDXServiceSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorService(element1, element2)
+ })
+
+ // Normalize() each entry in the Service slice
+ // Note: this causes recursion as each "Service" type has a "Services" slice.
+ for _, component := range slice {
+ component.Normalize()
+ }
+}
+
+func (slice CDXDependencySlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorDependency(element1, element2)
+ })
+
+ // Normalize() each entry in the Dependency slice
+ for _, dependency := range slice {
+ dependency.Normalize()
+ }
+}
+
+// TODO: Sort: the slices within the CDXComponentData (e.g., Contents,
+// SensitiveData, Graphics (collection), Governance, etc. )
+func (slice CDXComponentDataSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorComponentData(element1, element2)
+ })
+}
+
+func (slice CDXLicenseChoiceSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorLicenseChoice(element1, element2)
+ })
+
+ // Sort LicenseChoice elements
+ for _, licenseChoice := range slice {
+ licenseChoice.Normalize()
+ }
+}
+
+func (slice CDXOrganizationalContactSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorOrganizationalContact(element1, element2)
+ })
+}
+
+func (slice CDXOrganizationalEntitySlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorOrganizationalEntity(element1, element2)
+ })
+
+ // Sort the contents of the CDXOrganizationalEntity (i.e., Contact(s))
+ for _, entity := range slice {
+ entity.Normalize()
+ }
+}
+
+func (slice CDXAnnotationSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorAnnotation(element1, element2)
+ })
+}
+
+func (slice CDXExternalReferenceSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorExternalReference(element1, element2)
+ })
+}
+
+func (slice CDXPropertySlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorProperty(element1, element2)
+ })
+}
+
+func (slice CDXRefLinkTypeSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorRefLinkType(element1, element2)
+ })
+}
+
+func (slice CDXReleaseNotesSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorReleaseNotes(element1, element2)
+ })
+}
+
+func (slice CDXHashSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorHash(element1, element2)
+ })
+}
+
+func (slice CDXCompositionSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorComposition(element1, element2)
+ })
+
+ for _, composition := range slice {
+ composition.Normalize()
+ }
+}
+
+func (slice CDXVersionRangeSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorVersionRange(element1, element2)
+ })
+}
+
+// ====================================================================
+// Struct comparators
+// ====================================================================
+
+// Use required fields: "type", "name"
+// Use optional identity fields: "purl", "cpe", "swid.TagId"
+// Sort by the optional field "bom-ref" as this is pseudo-required if
+// slice elements contain duplicates with both "name" and "type".
+func comparatorComponent(element1 CDXComponent, element2 CDXComponent) bool {
+ // sort by required field(s)
+ if element1.Type != element2.Type {
+ return element1.Type < element2.Type
+ }
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ // Other optional identifiers
+ if element1.Cpe != element2.Cpe {
+ return element1.Cpe < element2.Cpe
+ }
+ if element1.Purl != element2.Purl {
+ return element1.Purl < element2.Purl
+ }
+ if element1.Swid != nil && element2.Swid != nil {
+ Swid1 := *element1.Swid
+ Swid2 := *element2.Swid
+ return Swid1.TagId < Swid2.TagId
+ }
+ // Other "tie breakers"
+ if element1.Version != element2.Version {
+ return element1.Version < element2.Version
+ }
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorService(element1 CDXService, element2 CDXService) bool {
+ // sort by required field(s): "name"
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ // sort by other "tie breakers"
+ if element1.Version != element2.Version {
+ return element1.Version < element2.Version
+ }
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorDependency(element1 CDXDependency, element2 CDXDependency) bool {
+ // guard against invalid pointers to (required) elements
+ if element1.Ref != nil && element2.Ref != nil {
+ // sort by required field: "ref"
+ return *element1.Ref < *element2.Ref
+ }
+ // default: preserve existing order
+ return true
+}
+
+// Note: RefLinkType is of type CDXRefType which is of type "string" (for now)
+func comparatorRefLinkType(element1 CDXRefLinkType, element2 CDXRefLinkType) bool {
+ // Note: casting to actual data type
+ return comparatorRefType(CDXRefType(element1), CDXRefType(element2))
+}
+
+func comparatorBOMRefType(element1 CDXRefType, element2 CDXRefType) bool {
+ // NOTE: we do not want to use "bom-def" if it is randomly generated UUID
+ // Even if it is an ID like a Package URL (pURL), other IDs SHOULD
+ // be used for "sort" prior to relying upon it in the "bom-ref" field.
+ if IsValidUUID(element1.String()) || IsValidUUID(element2.String()) {
+ return true
+ }
+ // Note: this is a basic "string" comparison
+ return element1 < element2
+}
+
+func IsValidUUID(u string) bool {
+ _, err := uuid.Parse(u)
+ return err == nil
+}
+
+func comparatorRefType(element1 CDXRefType, element2 CDXRefType) bool {
+ // Note: this is a basic "string" comparison
+ return element1 < element2
+}
+
+func comparatorComponentData(element1 CDXComponentData, element2 CDXComponentData) bool {
+ // sort by required fields: "type"
+ if element1.Type != element2.Type {
+ return element1.Type < element2.Type
+ }
+ // sort using combinations of identifying field values: "name"
+ return element1.Name < element2.Name
+}
+
+// TODO: use "text", "url" as "tie-breakers"
+func comparatorLicenseChoice(element1 CDXLicenseChoice, element2 CDXLicenseChoice) bool {
+ // Option 1: "CDXLicense" object is provided
+ // guard against invalid pointers to (required) elements
+ if element1.License != nil && element2.License != nil {
+ license1 := *element1.License
+ license2 := *element2.License
+ // TODO: test for "id" vs. "name" and assure "id" entries appear first
+ // "oneOf": ["id", "name"] is required
+ if license1.Id != license2.Id {
+ return license1.Id < license2.Id
+ }
+ return license1.Name < license2.Name
+ }
+ // Option 2: "CDXLicenseExpression" is provided
+ if element1.Expression != element2.Expression {
+ return element1.Expression < element2.Expression
+ }
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ return true
+}
+
+func comparatorHash(element1 CDXHash, element2 CDXHash) bool {
+ // sort by required fields: "alg", "content"
+ if element1.Alg != element2.Alg {
+ return element1.Alg < element2.Alg
+ }
+ return element1.Content < element2.Content
+}
+
+func comparatorOrganizationalContact(element1 CDXOrganizationalContact, element2 CDXOrganizationalContact) bool {
+ // sort by optional field(s): "name", "email", "phone"
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ if element1.Email != element2.Email {
+ return element1.Email < element2.Email
+ }
+ if element1.Phone != element2.Phone {
+ return element1.Phone < element2.Phone
+ }
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ return true
+}
+
+func comparatorOrganizationalEntity(element1 CDXOrganizationalEntity, element2 CDXOrganizationalEntity) bool {
+ // sort by optional field(s): "name"
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ // TODO: "tie-breakers": Url ([]string), Contact ([]string)
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ return true
+}
+
+// TODO sort "subjects", "annotator"
+func comparatorAnnotation(element1 CDXAnnotation, element2 CDXAnnotation) bool {
+ // sort by required fields: "timestamp", "text"
+ if element1.Timestamp != element2.Timestamp {
+ return element1.Timestamp < element2.Timestamp
+ }
+ return element1.Text < element2.Text
+}
+
+// NOTE: The name is plural to match the current struct name (and perhaps json schema name)
+func comparatorReleaseNotes(element1 CDXReleaseNotes, element2 CDXReleaseNotes) bool {
+ // sort by required fields: "type"
+ if element1.Type != element2.Type {
+ return element1.Type < element2.Type
+ }
+ // sort by using combinations of identifying field values: "title", "timestamp"
+ if element1.Title != element2.Title {
+ return element1.Title < element2.Title
+ }
+ return element1.Timestamp < element2.Timestamp
+}
+
+func comparatorExternalReference(element1 CDXExternalReference, element2 CDXExternalReference) bool {
+ // sort by required fields: "type", "url"
+ if element1.Type != element2.Type {
+ return element1.Type < element2.Type
+ }
+ return element1.Url < element2.Url
+}
+
+func comparatorProperty(element1 CDXProperty, element2 CDXProperty) bool {
+ // sort by required fields: "name", "value"
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ return element1.Value < element2.Value
+}
+
+func comparatorComposition(element1 CDXCompositions, element2 CDXCompositions) bool {
+ // sort by required field "aggregate"
+ if element1.Aggregate != element2.Aggregate {
+ return element1.Aggregate < element2.Aggregate
+ }
+ // TODO: "tie-breakers": "signature"?
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorBOMRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorVersionRange(element1 CDXVersionRange, element2 CDXVersionRange) bool {
+ if element1.Version != element2.Version {
+ return element1.Version < element2.Version
+ }
+ if element1.Range != element2.Range {
+ return element1.Range < element2.Range
+ }
+ if element1.Status != element2.Status {
+ return element1.Status < element2.Status
+ }
+ // default: preserve existing order
+ return true
+}
diff --git a/schema/cyclonedx_normalize_formulation.go b/schema/cyclonedx_normalize_formulation.go
new file mode 100644
index 00000000..e1e028b3
--- /dev/null
+++ b/schema/cyclonedx_normalize_formulation.go
@@ -0,0 +1,184 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package schema
+
+import "sort"
+
+// named BOM slice types
+type CDXFormulaSlice []CDXFormula
+type CDXTaskSlice []CDXTask
+type CDXTaskTypeSlice []CDXTaskType
+type CDXWorkflowSlice []CDXWorkflow
+
+// ====================================================================
+// Struct Normalizers
+// ====================================================================
+
+func (formula *CDXFormula) Normalize() {
+ // Sort: Components
+ // Note: The following method is recursive
+ if formula.Components != nil {
+ CDXComponentSlice(*formula.Components).Normalize()
+ }
+ // Sort: Services
+ // Note: The following method is recursive
+ if formula.Services != nil {
+ CDXServiceSlice(*formula.Services).Normalize()
+ }
+ // Sort: Workflows
+ if formula.Workflows != nil {
+ CDXWorkflowSlice(*formula.Workflows).Normalize()
+ }
+ // Sort: Properties
+ if formula.Properties != nil {
+ CDXPropertySlice(*formula.Properties).Normalize()
+ }
+}
+
+func (workflow *CDXWorkflow) Normalize() {
+ // Sort: TaskTypes
+ if workflow.TaskTypes != nil {
+ CDXTaskTypeSlice(*workflow.TaskTypes).Normalize()
+ }
+ // Sort: Tasks
+ if workflow.Tasks != nil {
+ CDXTaskSlice(*workflow.Tasks).Normalize()
+ }
+ // TODO: Sort: ResourceReferences
+ // TODO: Sort: Tasks
+ // TODO: Sort: TaskDependencies
+ // TODO: Sort: Trigger
+ // TODO: Sort: Steps
+ // TODO: Sort: Inputs
+ // TODO: Sort: Outputs
+ // TODO: Sort: Workspaces
+ // TODO: Sort: RuntimeTopology
+ // Sort: Properties
+ if workflow.Properties != nil {
+ CDXPropertySlice(*workflow.Properties).Normalize()
+ }
+}
+
+func (task *CDXTask) Normalize() {
+ // Sort: TaskTypes
+ if task.TaskTypes != nil {
+ CDXTaskTypeSlice(*task.TaskTypes).Normalize()
+ }
+ // TODO: Sort: ResourceReferences
+ // TODO: Sort: Tasks
+ // TODO: Sort: TaskDependencies
+ // TODO: Sort: Trigger
+ // TODO: Sort: Steps
+ // TODO: Sort: Inputs
+ // TODO: Sort: Outputs
+ // TODO: Sort: Workspaces
+ // TODO: Sort: RuntimeTopology
+ // Sort: Properties
+ if task.Properties != nil {
+ CDXPropertySlice(*task.Properties).Normalize()
+ }
+}
+
+// ====================================================================
+// Slice Normalizers
+// ====================================================================
+
+func (slice CDXFormulaSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorFormula(element1, element2)
+ })
+
+ // TODO: Sort: workflows (tasks), components, services, properties, etc.
+ // Normalize() each entry in the Dependency slice
+ for _, formula := range slice {
+ formula.Normalize()
+ }
+}
+
+func (slice CDXTaskSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorTask(element1, element2)
+ })
+
+ for _, task := range slice {
+ task.Normalize()
+ }
+}
+
+func (slice CDXTaskTypeSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ // Note: CDXTaskType is a named type for "string"
+ return slice[i] < slice[j]
+ })
+}
+
+func (slice CDXWorkflowSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorWorkflow(element1, element2)
+ })
+
+ for _, workflow := range slice {
+ workflow.Normalize()
+ }
+}
+
+// ====================================================================
+// Struct comparators
+// ====================================================================
+
+// NOTE: sorting structs like this are challenge since there are no required fields
+// within the top-level data schema; yet, there are LOTS of slices to sort within.
+// TODO: make the "bom-ref" field "required" in v2.0
+func comparatorFormula(element1 CDXFormula, element2 CDXFormula) bool {
+ // sort by pseudo-required field "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorWorkflow(element1 CDXWorkflow, element2 CDXWorkflow) bool {
+ // sort by required field "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ if element1.Uid != element2.Uid {
+ return element1.Uid < element2.Uid
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorTask(element1 CDXTask, element2 CDXTask) bool {
+ // sort by required field "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ if element1.Uid != element2.Uid {
+ return element1.Uid < element2.Uid
+ }
+ // default: preserve existing order
+ return true
+}
diff --git a/schema/cyclonedx_normalize_vulnerability.go b/schema/cyclonedx_normalize_vulnerability.go
new file mode 100644
index 00000000..11cdd665
--- /dev/null
+++ b/schema/cyclonedx_normalize_vulnerability.go
@@ -0,0 +1,256 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package schema
+
+import "sort"
+
+// named BOM slice types
+type CDXAdvisorySlice []CDXAdvisory
+type CDXAffectSlice []CDXAffect
+type CDXRatingSlice []CDXRating
+type CDXSupportingMaterialSlice []CDXSupportingMaterial
+type CDXVulnerabilityReferenceSlice []CDXVulnerabilityReference
+type CDXVulnerabilitySlice []CDXVulnerability
+
+// ====================================================================
+// Struct Normalizers
+// ====================================================================
+
+// type CDXVulnerability struct {
+// TODO: Tools interface{} (i.e., need to test for which type it is in order to Normalize)
+//
+// Analysis *CDXAnalysis `json:"analysis,omitempty"` // v1.4: anon. type
+// }
+func (vulnerability *CDXVulnerability) Normalize() {
+ // Sort: References
+ if vulnerability.References != nil {
+ CDXVulnerabilityReferenceSlice(*vulnerability.References).Normalize()
+ }
+ // Sort: Ratings
+ if vulnerability.Ratings != nil {
+ CDXRatingSlice(*vulnerability.Ratings).Normalize()
+ }
+ // Sort: Cwes
+ if vulnerability.Cwes != nil {
+ sort.Ints(*vulnerability.Cwes)
+ }
+ // Sort: Advisories
+ if vulnerability.Advisories != nil {
+ CDXAdvisorySlice(*vulnerability.Advisories).Normalize()
+ }
+ // Sort: Credits substructure
+ if vulnerability.Credits != nil {
+ vulnerability.Credits.Normalize()
+ }
+ // TODO: Sort: Tools
+ // Sort: Analysis
+ if vulnerability.Analysis != nil {
+ vulnerability.Analysis.Normalize()
+ }
+ // Sort: Affects
+ if vulnerability.Affects != nil {
+ CDXAffectSlice(*vulnerability.Affects).Normalize()
+ }
+ // Sort: ProofOfConcept
+ if vulnerability.ProofOfConcept != nil {
+ vulnerability.ProofOfConcept.Normalize()
+ }
+ // Sort: Properties
+ if vulnerability.Properties != nil {
+ CDXPropertySlice(*vulnerability.Properties).Normalize()
+ }
+}
+
+func (credit *CDXCredit) Normalize() {
+ if credit.Organizations != nil {
+ CDXOrganizationalEntitySlice(*credit.Organizations).Normalize()
+ }
+ if credit.Individuals != nil {
+ CDXOrganizationalContactSlice(*credit.Individuals).Normalize()
+ }
+}
+
+func (poc *CDXProofOfConcept) Normalize() {
+ if poc.SupportingMaterial != nil {
+ CDXSupportingMaterialSlice(*poc.SupportingMaterial).Normalize()
+ }
+}
+
+func (analysis *CDXAnalysis) Normalize() {
+ if analysis.Response != nil {
+ sort.Strings(*analysis.Response)
+ }
+}
+
+// ====================================================================
+// Slice Normalizers
+// ====================================================================
+func (slice CDXVulnerabilitySlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorVulnerability(element1, element2)
+ })
+ // TODO: sort (nested) children of each vulnerability
+ for _, vulnerability := range slice {
+ vulnerability.Normalize()
+ }
+}
+
+func (slice CDXRatingSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorRating(element1, element2)
+ })
+}
+
+func (slice CDXVulnerabilityReferenceSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorVulnerabilityReference(element1, element2)
+ })
+}
+
+func (slice CDXAdvisorySlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorAdvisory(element1, element2)
+ })
+}
+
+func (slice CDXAffectSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorAffect(element1, element2)
+ })
+}
+
+func (slice CDXSupportingMaterialSlice) Normalize() {
+ sort.Slice(slice, func(i, j int) bool {
+ element1 := slice[i]
+ element2 := slice[j]
+ return comparatorSupportingMaterial(element1, element2)
+ })
+}
+
+// ====================================================================
+// Struct comparators
+// ====================================================================
+
+// NOTE: there are NO required fields in the vulnerability object's data schema
+// sort by we will sort using fields that may contain local, identifying values
+// TODO sort "advisories", "cwes" and "ratings.source" and "affects.ref"
+func comparatorVulnerability(element1 CDXVulnerability, element2 CDXVulnerability) bool {
+ // optional identifiers: "id"
+ if element1.Id != element2.Id {
+ return element1.Id < element2.Id
+ }
+ // pseudo-required fields:
+ if element1.Created != element2.Created {
+ return element1.Created < element2.Created
+ }
+ if element1.Published != element2.Published {
+ return element1.Published < element2.Published
+ }
+ if element1.Updated != element2.Updated {
+ return element1.Updated < element2.Updated
+ }
+ // other optional "tie breakers":
+ if element1.Source != nil && element2.Source != nil {
+ return comparatorSource(*element1.Source, *element2.Source)
+ }
+ // sort by (sometimes an identifier): "bom-ref"
+ if element1.BOMRef != nil && element2.BOMRef != nil {
+ return comparatorRefType(*element1.BOMRef, *element2.BOMRef)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorAdvisory(element1 CDXAdvisory, element2 CDXAdvisory) bool {
+ if element1.Title != element2.Title {
+ return element1.Title < element2.Title
+ }
+ if element1.Url != element2.Url {
+ return element1.Url < element2.Url
+ }
+ return true
+}
+
+// TODO: Look into sort by: Versions *[]CDXVersionRange (after normalized)
+func comparatorAffect(element1 CDXAffect, element2 CDXAffect) bool {
+ if element1.Ref != nil && element2.Ref != nil {
+ return comparatorRefLinkType(*element1.Ref, *element2.Ref)
+ }
+ return true
+}
+
+func comparatorRating(element1 CDXRating, element2 CDXRating) bool {
+ if element1.Severity != element2.Severity {
+ return element1.Severity < element2.Severity
+ }
+ if element1.Score != element2.Score {
+ return element1.Score < element2.Score
+ }
+ if element1.Method != element2.Method {
+ return element1.Method < element2.Method
+ }
+ if element1.Source != nil && element2.Source != nil {
+ return comparatorSource(*element1.Source, *element2.Source)
+ }
+ // default: preserve existing order
+ return true
+}
+
+func comparatorSource(element1 CDXVulnerabilitySource, element2 CDXVulnerabilitySource) bool {
+ if element1.Name != element2.Name {
+ return element1.Name < element2.Name
+ }
+ if element1.Url != element2.Url {
+ return element1.Url < element2.Url
+ }
+ return true
+}
+
+func comparatorSupportingMaterial(element1 CDXSupportingMaterial, element2 CDXSupportingMaterial) bool {
+ if element1.ContentType != element2.ContentType {
+ return element1.ContentType < element2.ContentType
+ }
+ if element1.Encoding != element2.Encoding {
+ return element1.Encoding < element2.Encoding
+ }
+ if element1.Content != element2.Content {
+ return element1.Content < element2.Content
+ }
+ return true
+}
+
+func comparatorVulnerabilityReference(element1 CDXVulnerabilityReference, element2 CDXVulnerabilityReference) bool {
+ if element1.Id != element2.Id {
+ return element1.Id < element2.Id
+ }
+ // other optional "tie breakers":
+ if element1.Source != nil && element2.Source != nil {
+ return comparatorSource(*element1.Source, *element2.Source)
+ }
+ return true
+}
diff --git a/schema/cyclonedx_vulnerability.go b/schema/cyclonedx_vulnerability.go
index d6b21543..e64a72f4 100644
--- a/schema/cyclonedx_vulnerability.go
+++ b/schema/cyclonedx_vulnerability.go
@@ -24,9 +24,9 @@ package schema
// Note: "cwes" is a array of "cwe" which is a constrained `int`
// NOTE: CDXRefType is a named `string` type as of v1.5
type CDXVulnerability struct {
- BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.4
Id string `json:"id,omitempty"` // v1.4
Source *CDXVulnerabilitySource `json:"source,omitempty"` // v1.4
+ BOMRef *CDXRefType `json:"bom-ref,omitempty"` // v1.4
References *[]CDXVulnerabilityReference `json:"references"` // v1.4: anon. type
Ratings *[]CDXRating `json:"ratings,omitempty"` // v1.4
Cwes *[]int `json:"cwes,omitempty"` // v1.4
diff --git a/test/diff/panic/nats1.json b/test/diff/panic/nats1.json
new file mode 100644
index 00000000..97476a7a
--- /dev/null
+++ b/test/diff/panic/nats1.json
@@ -0,0 +1,6603 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:6eec6ee9-3a97-4531-acb1-214ac9b87ecf",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2024-03-20T08:14:05+00:00",
+ "tools": {
+ "components": [
+ {
+ "group": "aquasecurity",
+ "name": "trivy",
+ "type": "application",
+ "version": "0.49.1"
+ }
+ ]
+ },
+ "component": {
+ "type": "container",
+ "name": "natsio/nats-box:0.14.1",
+ "bom-ref": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "purl": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438,sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581,sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822,sha256:10f907811045b5d89e111819899be9b23c7899d6ca621b88e382d734e8db51af,sha256:6c5c015d50df16c2634e042303b975f72846a0d35146f460c3fdb1627d6a696d,sha256:e84070d74aa1753864c9a59f7d365e39eb3e51d1dac914c32a2b4a4e5d9c3af7,sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+ },
+ {
+ "name": "aquasecurity:trivy:ImageID",
+ "value": "sha256:d85f313df734d9e111f2e97ed605cced9ddba62e510ae0ee4e3a06ce21ccd4d1"
+ },
+ {
+ "name": "aquasecurity:trivy:RepoDigest",
+ "value": "natsio/nats-box@sha256:a67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4"
+ },
+ {
+ "name": "aquasecurity:trivy:RepoTag",
+ "value": "natsio/nats-box:0.14.1"
+ },
+ {
+ "name": "aquasecurity:trivy:SchemaVersion",
+ "value": "2"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "application",
+ "name": "usr/local/bin/nats",
+ "bom-ref": "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/nats-top",
+ "bom-ref": "def80684-0ff2-4775-b7df-93952a5dd40e",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/nsc",
+ "bom-ref": "1041129c-b3a8-4896-9ba4-cf92e58ed5d2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "alpine-baselayout",
+ "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "version": "3.4.3-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cf0bca32762cd5be9974f4c127467b0f93f78f20"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "alpine-baselayout@3.4.3-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "alpine-baselayout"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "3.4.3-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "alpine-baselayout-data",
+ "bom-ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "version": "3.4.3-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "602007ee374ed96f35e9bf39b1487d67c6afe027"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "alpine-baselayout-data@3.4.3-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "alpine-baselayout"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "3.4.3-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "alpine-keys",
+ "bom-ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4",
+ "version": "2.4-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ec3a3d5ef4c7a168d09516097bb3219ca77c1534"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "alpine-keys@2.4-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "alpine-keys"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.4-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "apk-tools",
+ "bom-ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4",
+ "version": "2.14.0-r2",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8cde25f239ebf691cd135a3954e5193c1ac2ae13"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "apk-tools@2.14.0-r2"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "apk-tools"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.14.0-r2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "brotli-libs",
+ "bom-ref": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4",
+ "version": "1.0.9-r14",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "48b2006d35cdde849a18f7cadbfaf17c9273130f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "brotli-libs@1.0.9-r14"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "brotli"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.0.9-r14"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "busybox",
+ "bom-ref": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "version": "1.36.1-r4",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f2aefa121ae047b6d66f587964014e782dd761ed"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "busybox@1.36.1-r4"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "busybox"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.36.1-r4"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "busybox-binsh",
+ "bom-ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "version": "1.36.1-r4",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cad2ac72ebcf9db9137100f2529528b165328fc3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "busybox-binsh@1.36.1-r4"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "busybox"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.36.1-r4"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ca-certificates",
+ "bom-ref": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4",
+ "version": "20230506-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "146f0cfbbc3e7648d5f55cb49861565b6b78f83a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "MPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ca-certificates@20230506-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "ca-certificates"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "20230506-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ca-certificates-bundle",
+ "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4",
+ "version": "20230506-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "47f485d08670a9eb21ebf10e70ae65dc43ab6c3d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "MPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ca-certificates-bundle@20230506-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "ca-certificates"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "20230506-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "curl",
+ "bom-ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "version": "8.4.0-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "767892cd1643cd073d6ba6846b7f3452e3851b7b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "curl"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "curl@8.4.0-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "curl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "8.4.0-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "figlet",
+ "bom-ref": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4",
+ "version": "2.2.5-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fa17a85bc6a99bd8e1723b19d2d10d73cf7999ff"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "figlet@2.2.5-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "figlet"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.2.5-r3"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/AlecAivazis/survey/v2",
+ "bom-ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6",
+ "version": "v2.3.6",
+ "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/AlecAivazis/survey/v2",
+ "bom-ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7",
+ "version": "v2.3.7",
+ "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/HdrHistogram/hdrhistogram-go",
+ "bom-ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2",
+ "version": "v1.1.2",
+ "purl": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/antonmedv/expr",
+ "bom-ref": "pkg:golang/github.com/antonmedv/expr@v1.15.2",
+ "version": "v1.15.2",
+ "purl": "pkg:golang/github.com/antonmedv/expr@v1.15.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/beorn7/perks",
+ "bom-ref": "pkg:golang/github.com/beorn7/perks@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/beorn7/perks@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/blang/semver",
+ "bom-ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "version": "v3.5.1+incompatible",
+ "purl": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/briandowns/spinner",
+ "bom-ref": "pkg:golang/github.com/briandowns/spinner@v1.23.0",
+ "version": "v1.23.0",
+ "purl": "pkg:golang/github.com/briandowns/spinner@v1.23.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/cespare/xxhash/v2",
+ "bom-ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0",
+ "version": "v2.2.0",
+ "purl": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/choria-io/fisk",
+ "bom-ref": "pkg:golang/github.com/choria-io/fisk@v0.6.0",
+ "version": "v0.6.0",
+ "purl": "pkg:golang/github.com/choria-io/fisk@v0.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/cpuguy83/go-md2man/v2",
+ "bom-ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2",
+ "version": "v2.0.2",
+ "purl": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/dustin/go-humanize",
+ "bom-ref": "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/emicklei/dot",
+ "bom-ref": "pkg:golang/github.com/emicklei/dot@v1.6.0",
+ "version": "v1.6.0",
+ "purl": "pkg:golang/github.com/emicklei/dot@v1.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/fatih/color",
+ "bom-ref": "pkg:golang/github.com/fatih/color@v1.15.0",
+ "version": "v1.15.0",
+ "purl": "pkg:golang/github.com/fatih/color@v1.15.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/ghodss/yaml",
+ "bom-ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "version": "v1.0.0",
+ "purl": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/golang/protobuf",
+ "bom-ref": "pkg:golang/github.com/golang/protobuf@v1.5.3",
+ "version": "v1.5.3",
+ "purl": "pkg:golang/github.com/golang/protobuf@v1.5.3",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-cmp",
+ "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.9",
+ "version": "v0.5.9",
+ "purl": "pkg:golang/github.com/google/go-cmp@v0.5.9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-github/v30",
+ "bom-ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "version": "v30.1.0",
+ "purl": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-querystring",
+ "bom-ref": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/shlex",
+ "bom-ref": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510",
+ "version": "v0.0.0-20191202100458-e7afc7fbc510",
+ "purl": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gosuri/uilive",
+ "bom-ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "version": "v0.0.4",
+ "purl": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gosuri/uiprogress",
+ "bom-ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "version": "v0.0.1",
+ "purl": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/guptarohit/asciigraph",
+ "bom-ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6",
+ "version": "v0.5.6",
+ "purl": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/inconshreveable/go-update",
+ "bom-ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "version": "v0.0.0-20160112193335-8152e7eb6ccf",
+ "purl": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/jedib0t/go-pretty/v6",
+ "bom-ref": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7",
+ "version": "v6.4.7",
+ "purl": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/kballard/go-shellquote",
+ "bom-ref": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "version": "v0.0.0-20180428030007-95032a82bc51",
+ "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/klauspost/compress",
+ "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.16.5",
+ "version": "v1.16.5",
+ "purl": "pkg:golang/github.com/klauspost/compress@v1.16.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/klauspost/compress",
+ "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.17.0",
+ "version": "v1.17.0",
+ "purl": "pkg:golang/github.com/klauspost/compress@v1.17.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-colorable",
+ "bom-ref": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
+ "version": "v0.1.13",
+ "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-isatty",
+ "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
+ "version": "v0.0.17",
+ "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-isatty",
+ "bom-ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.19",
+ "version": "v0.0.19",
+ "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.19",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-runewidth",
+ "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14",
+ "version": "v0.0.14",
+ "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-runewidth",
+ "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15",
+ "version": "v0.0.15",
+ "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/matttproud/golang_protobuf_extensions",
+ "bom-ref": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4",
+ "version": "v1.0.4",
+ "purl": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mgutz/ansi",
+ "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "version": "v0.0.0-20200706080929-d51e80ef957d",
+ "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/minio/highwayhash",
+ "bom-ref": "pkg:golang/github.com/minio/highwayhash@v1.0.2",
+ "version": "v1.0.2",
+ "purl": "pkg:golang/github.com/minio/highwayhash@v1.0.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mitchellh/go-homedir",
+ "bom-ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mitchellh/go-wordwrap",
+ "bom-ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/cliprompts/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "version": "v2.0.0-20200221130455-2737f3b8cbb9",
+ "purl": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jsm.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35",
+ "version": "v0.0.35",
+ "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jsm.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0",
+ "version": "v0.1.0",
+ "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1",
+ "version": "v2.4.1",
+ "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2",
+ "version": "v2.5.2",
+ "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats-server/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "version": "v2.10.0",
+ "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats-server/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19",
+ "version": "v2.9.19",
+ "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.24.0",
+ "version": "v1.24.0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.24.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.30.0",
+ "version": "v1.30.0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.30.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "version": "v0.4.4",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5",
+ "version": "v0.4.5",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.4.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nsf/termbox-go",
+ "bom-ref": "pkg:golang/github.com/nsf/termbox-go@v1.1.1",
+ "version": "v1.1.1",
+ "purl": "pkg:golang/github.com/nsf/termbox-go@v1.1.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/prometheus/client_golang",
+ "bom-ref": "pkg:golang/github.com/prometheus/client_golang@v1.16.0",
+ "version": "v1.16.0",
+ "purl": "pkg:golang/github.com/prometheus/client_golang@v1.16.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/prometheus/client_model",
+ "bom-ref": "pkg:golang/github.com/prometheus/client_model@v0.4.0",
+ "version": "v0.4.0",
+ "purl": "pkg:golang/github.com/prometheus/client_model@v0.4.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/prometheus/common",
+ "bom-ref": "pkg:golang/github.com/prometheus/common@v0.44.0",
+ "version": "v0.44.0",
+ "purl": "pkg:golang/github.com/prometheus/common@v0.44.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/prometheus/procfs",
+ "bom-ref": "pkg:golang/github.com/prometheus/procfs@v0.11.1",
+ "version": "v0.11.1",
+ "purl": "pkg:golang/github.com/prometheus/procfs@v0.11.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/rhysd/go-github-selfupdate",
+ "bom-ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "version": "v1.2.3",
+ "purl": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/rivo/uniseg",
+ "bom-ref": "pkg:golang/github.com/rivo/uniseg@v0.2.0",
+ "version": "v0.2.0",
+ "purl": "pkg:golang/github.com/rivo/uniseg@v0.2.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/rivo/uniseg",
+ "bom-ref": "pkg:golang/github.com/rivo/uniseg@v0.4.4",
+ "version": "v0.4.4",
+ "purl": "pkg:golang/github.com/rivo/uniseg@v0.4.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/russross/blackfriday/v2",
+ "bom-ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "version": "v2.1.0",
+ "purl": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/santhosh-tekuri/jsonschema/v5",
+ "bom-ref": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
+ "version": "v5.3.1",
+ "purl": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/cobra",
+ "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.6.1",
+ "version": "v1.6.1",
+ "purl": "pkg:golang/github.com/spf13/cobra@v1.6.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/pflag",
+ "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "version": "v1.0.5",
+ "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/tcnksm/go-gitconfig",
+ "bom-ref": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "version": "v0.1.2",
+ "purl": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/tylertreat/hdrhistogram-writer",
+ "bom-ref": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20210816161836-2e440612a39f",
+ "version": "v0.0.0-20210816161836-2e440612a39f",
+ "purl": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20210816161836-2e440612a39f",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/ulikunitz/xz",
+ "bom-ref": "pkg:golang/github.com/ulikunitz/xz@v0.5.11",
+ "version": "v0.5.11",
+ "purl": "pkg:golang/github.com/ulikunitz/xz@v0.5.11",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xlab/tablewriter",
+ "bom-ref": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "version": "v0.0.0-20160610135559-80b567a11ad5",
+ "purl": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "pkg:golang/golang.org/x/crypto@v0.13.0",
+ "version": "v0.13.0",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.13.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "pkg:golang/golang.org/x/crypto@v0.7.0",
+ "version": "v0.7.0",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.7.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "pkg:golang/golang.org/x/crypto@v0.9.0",
+ "version": "v0.9.0",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.9.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/net",
+ "bom-ref": "pkg:golang/golang.org/x/net@v0.15.0",
+ "version": "v0.15.0",
+ "purl": "pkg:golang/golang.org/x/net@v0.15.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/oauth2",
+ "bom-ref": "pkg:golang/golang.org/x/oauth2@v0.6.0",
+ "version": "v0.6.0",
+ "purl": "pkg:golang/golang.org/x/oauth2@v0.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/sys",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.12.0",
+ "version": "v0.12.0",
+ "purl": "pkg:golang/golang.org/x/sys@v0.12.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/sys",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.6.0",
+ "version": "v0.6.0",
+ "purl": "pkg:golang/golang.org/x/sys@v0.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/sys",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.8.0",
+ "version": "v0.8.0",
+ "purl": "pkg:golang/golang.org/x/sys@v0.8.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/term",
+ "bom-ref": "pkg:golang/golang.org/x/term@v0.12.0",
+ "version": "v0.12.0",
+ "purl": "pkg:golang/golang.org/x/term@v0.12.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/term",
+ "bom-ref": "pkg:golang/golang.org/x/term@v0.6.0",
+ "version": "v0.6.0",
+ "purl": "pkg:golang/golang.org/x/term@v0.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/text",
+ "bom-ref": "pkg:golang/golang.org/x/text@v0.13.0",
+ "version": "v0.13.0",
+ "purl": "pkg:golang/golang.org/x/text@v0.13.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/text",
+ "bom-ref": "pkg:golang/golang.org/x/text@v0.8.0",
+ "version": "v0.8.0",
+ "purl": "pkg:golang/golang.org/x/text@v0.8.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/time",
+ "bom-ref": "pkg:golang/golang.org/x/time@v0.3.0",
+ "version": "v0.3.0",
+ "purl": "pkg:golang/golang.org/x/time@v0.3.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "google.golang.org/protobuf",
+ "bom-ref": "pkg:golang/google.golang.org/protobuf@v1.31.0",
+ "version": "v1.31.0",
+ "purl": "pkg:golang/google.golang.org/protobuf@v1.31.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/gizak/termui.v1",
+ "bom-ref": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "version": "v1.0.0-20151021151108-e62b5929642a",
+ "purl": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/yaml.v2",
+ "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "version": "v2.4.0",
+ "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/yaml.v3",
+ "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
+ "version": "v3.0.1",
+ "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:1e6df965a8abbe7f1c6eebb308925dfcccfa3a901de58f2a7a67692598061581"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:3e4c9abfa3c7f085462d845d2d9e232c5f8d065a41c420adae60b3406c9e856c"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "jq",
+ "bom-ref": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4",
+ "version": "1.6-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6beb4d293502d8477f30cb51596397bdcddfd85f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "jq@1.6-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "jq"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.6-r3"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libc-utils",
+ "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4",
+ "version": "0.7.2-r5",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2e59dafeb8bca0786540846c686f121ae8348a42"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libc-utils@0.7.2-r5"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "libc-dev"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "0.7.2-r5"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libcrypto3",
+ "bom-ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "version": "3.1.3-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fa12c7857510118cad0c71e2695361574e3ddd3b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libcrypto3@3.1.3-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "openssl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "3.1.3-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libcurl",
+ "bom-ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "version": "8.4.0-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c41a6f900bb095727f706ed53dd52ff34f586cc8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "curl"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libcurl@8.4.0-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "curl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "8.4.0-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libidn2",
+ "bom-ref": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4",
+ "version": "2.3.4-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7bc3cd824a388677844c8e6e75ccf5344cf42f6f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL-3.0-or-later"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libidn2@2.3.4-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "libidn2"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.3.4-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libssl3",
+ "bom-ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "version": "3.1.3-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ceb37221d0f02272791d42e583b952031bcb7957"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libssl3@3.1.3-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "openssl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "3.1.3-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libunistring",
+ "bom-ref": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4",
+ "version": "1.1-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "14ce8b4b122fdd33acb11cc7f106aa0561c219a1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL-3.0-or-later"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libunistring@1.1-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "libunistring"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.1-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "musl",
+ "bom-ref": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "version": "1.2.4-r2",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a1db4862d2b238283ab2e17f703698a7280bee1c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "musl@1.2.4-r2"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "musl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.4-r2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "musl-utils",
+ "bom-ref": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "version": "1.2.4-r2",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e7d3d748b5d59b030103457f166beb049a1ba5a9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "musl-utils@1.2.4-r2"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "musl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.4-r2"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "nghttp2-libs",
+ "bom-ref": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4",
+ "version": "1.57.0-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4bd70e60aa4f7d9ebf66b24725cb65ffbff4e0d3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "nghttp2-libs@1.57.0-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "nghttp2"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.57.0-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "oniguruma",
+ "bom-ref": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4",
+ "version": "6.9.8-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1dd3c21a688d1215b13d2e6a5749d964b24768a9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "oniguruma@6.9.8-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "oniguruma"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "6.9.8-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "scanelf",
+ "bom-ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4",
+ "version": "1.3.7-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e27abda38faea3635a2db4d50d007751ea280b43"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "scanelf@1.3.7-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "pax-utils"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.3.7-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ssl_client",
+ "bom-ref": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "version": "1.36.1-r4",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ac3c1290e79269349690f4e6e065a6ff2a6c7e26"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f62cd225330b873d42d26843c1c8c83c0d76df75f4f634f2583e44f3d19bf822"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:e4ad2c090cefe878e69e52693cea8bf245be49f6f6cf7e274ab0118ddc57853b"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ssl_client@1.36.1-r4"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "busybox"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.36.1-r4"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "zlib",
+ "bom-ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4",
+ "version": "1.2.13-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2656e848992b378aa40dca24af8cde9e97161174"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Zlib"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cc2447e1835a40530975ab80bb1f872fbab0f2a0faecf2ab16fbbb89b3589438"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:96526aa774ef0126ad0fe9e9a95764c5fc37f409ab9e97021e7b4775d82bf6fa"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "zlib@1.2.13-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "zlib"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.13-r1"
+ }
+ ]
+ },
+ {
+ "type": "operating-system",
+ "name": "alpine",
+ "bom-ref": "cca71fe4-4ff2-41e1-8078-5e584c508a31",
+ "version": "3.18.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "os-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "alpine"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "1041129c-b3a8-4896-9ba4-cf92e58ed5d2",
+ "dependsOn": [
+ "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6",
+ "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "pkg:golang/github.com/briandowns/spinner@v1.23.0",
+ "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2",
+ "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
+ "pkg:golang/github.com/fatih/color@v1.15.0",
+ "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
+ "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
+ "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "pkg:golang/github.com/nats-io/jsm.go@v0.0.35",
+ "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2",
+ "pkg:golang/github.com/nats-io/nats.go@v1.24.0",
+ "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "pkg:golang/github.com/spf13/cobra@v1.6.1",
+ "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "pkg:golang/github.com/ulikunitz/xz@v0.5.11",
+ "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "pkg:golang/golang.org/x/crypto@v0.7.0",
+ "pkg:golang/golang.org/x/oauth2@v0.6.0",
+ "pkg:golang/golang.org/x/sys@v0.6.0",
+ "pkg:golang/golang.org/x/term@v0.6.0",
+ "pkg:golang/golang.org/x/text@v0.8.0",
+ "pkg:golang/gopkg.in/yaml.v3@v3.0.1"
+ ]
+ },
+ {
+ "ref": "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69",
+ "dependsOn": [
+ "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7",
+ "pkg:golang/github.com/antonmedv/expr@v1.15.2",
+ "pkg:golang/github.com/beorn7/perks@v1.0.1",
+ "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0",
+ "pkg:golang/github.com/choria-io/fisk@v0.6.0",
+ "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
+ "pkg:golang/github.com/emicklei/dot@v1.6.0",
+ "pkg:golang/github.com/fatih/color@v1.15.0",
+ "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "pkg:golang/github.com/golang/protobuf@v1.5.3",
+ "pkg:golang/github.com/google/go-cmp@v0.5.9",
+ "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510",
+ "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6",
+ "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2",
+ "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7",
+ "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "pkg:golang/github.com/klauspost/compress@v1.17.0",
+ "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
+ "pkg:golang/github.com/mattn/go-isatty@v0.0.19",
+ "pkg:golang/github.com/mattn/go-runewidth@v0.0.15",
+ "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4",
+ "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "pkg:golang/github.com/minio/highwayhash@v1.0.2",
+ "pkg:golang/github.com/nats-io/jsm.go@v0.1.0",
+ "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2",
+ "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "pkg:golang/github.com/nats-io/nats.go@v1.30.0",
+ "pkg:golang/github.com/nats-io/nkeys@v0.4.5",
+ "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "pkg:golang/github.com/prometheus/client_golang@v1.16.0",
+ "pkg:golang/github.com/prometheus/client_model@v0.4.0",
+ "pkg:golang/github.com/prometheus/common@v0.44.0",
+ "pkg:golang/github.com/prometheus/procfs@v0.11.1",
+ "pkg:golang/github.com/rivo/uniseg@v0.4.4",
+ "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
+ "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20210816161836-2e440612a39f",
+ "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "pkg:golang/golang.org/x/crypto@v0.13.0",
+ "pkg:golang/golang.org/x/net@v0.15.0",
+ "pkg:golang/golang.org/x/sys@v0.12.0",
+ "pkg:golang/golang.org/x/term@v0.12.0",
+ "pkg:golang/golang.org/x/text@v0.13.0",
+ "pkg:golang/golang.org/x/time@v0.3.0",
+ "pkg:golang/google.golang.org/protobuf@v1.31.0",
+ "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "pkg:golang/gopkg.in/yaml.v3@v3.0.1"
+ ]
+ },
+ {
+ "ref": "cca71fe4-4ff2-41e1-8078-5e584c508a31",
+ "dependsOn": [
+ "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "def80684-0ff2-4775-b7df-93952a5dd40e",
+ "dependsOn": [
+ "pkg:golang/github.com/klauspost/compress@v1.16.5",
+ "pkg:golang/github.com/mattn/go-runewidth@v0.0.14",
+ "pkg:golang/github.com/minio/highwayhash@v1.0.2",
+ "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1",
+ "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19",
+ "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "pkg:golang/github.com/nsf/termbox-go@v1.1.1",
+ "pkg:golang/github.com/rivo/uniseg@v0.2.0",
+ "pkg:golang/golang.org/x/crypto@v0.9.0",
+ "pkg:golang/golang.org/x/sys@v0.8.0",
+ "pkg:golang/golang.org/x/time@v0.3.0",
+ "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/alpine-baselayout@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/alpine-baselayout-data@3.4.3-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.14.0-r2?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/busybox@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ca-certificates-bundle@20230506-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/busybox-binsh@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/figlet@2.2.5-r3?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/jq@1.6-r3?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libc-utils@0.7.2-r5?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/brotli-libs@1.0.9-r14?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/ca-certificates@20230506-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libidn2@2.3.4-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libunistring@1.1-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/musl-utils@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/nghttp2-libs@1.57.0-r0?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/oniguruma@6.9.8-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/scanelf@1.3.7-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.36.1-r4?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64&distro=3.18.4",
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.13-r1?arch=x86_64&distro=3.18.4",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.4-r2?arch=x86_64&distro=3.18.4"
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.6",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/alecaivazis/survey/v2@v2.3.7",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/antonmedv/expr@v1.15.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/beorn7/perks@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/briandowns/spinner@v1.23.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/choria-io/fisk@v0.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/dustin/go-humanize@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/emicklei/dot@v1.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/fatih/color@v1.15.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/golang/protobuf@v1.5.3",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-cmp@v0.5.9",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/shlex@v0.0.0-20191202100458-e7afc7fbc510",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.6",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v1.1.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/jedib0t/go-pretty/v6@v6.4.7",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/klauspost/compress@v1.16.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/klauspost/compress@v1.17.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-colorable@v0.1.13",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.17",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-isatty@v0.0.19",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.15",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/minio/highwayhash@v1.0.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.35",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.4.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt/v2@v2.5.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats.go@v1.24.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats.go@v1.30.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nsf/termbox-go@v1.1.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/prometheus/client_golang@v1.16.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/prometheus/client_model@v0.4.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/prometheus/common@v0.44.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/prometheus/procfs@v0.11.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/rivo/uniseg@v0.2.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/rivo/uniseg@v0.4.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/cobra@v1.6.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20210816161836-2e440612a39f",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/ulikunitz/xz@v0.5.11",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.13.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.7.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.9.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.15.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/oauth2@v0.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.12.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.8.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/term@v0.12.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/term@v0.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/text@v0.13.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/text@v0.8.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/time@v0.3.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/google.golang.org/protobuf@v1.31.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:oci/nats-box@sha256%3Aa67913df95f1d5b265117e49e4c83228091d13d6783d80215ddcf84aba695ef4?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "dependsOn": [
+ "1041129c-b3a8-4896-9ba4-cf92e58ed5d2",
+ "4ce1b5d8-fb7a-4506-9c92-ff2ca0de8e69",
+ "cca71fe4-4ff2-41e1-8078-5e584c508a31",
+ "def80684-0ff2-4775-b7df-93952a5dd40e"
+ ]
+ }
+ ],
+ "vulnerabilities": [
+ {
+ "advisories": [
+ {
+ "url": "golang.org/x/net"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6077"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-39325"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
+ },
+ {
+ "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-39325"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2243296"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6077.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2023:6077"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/63417"
+ },
+ {
+ "url": "https://go.dev/cl/534215"
+ },
+ {
+ "url": "https://go.dev/cl/534235"
+ },
+ {
+ "url": "https://go.dev/issue/63417"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-39325.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-5867.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-2102"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202311-09"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231110-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6574-1"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.15.0",
+ "versions": [
+ {
+ "version": "v0.15.0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 770
+ ],
+ "description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.",
+ "id": "CVE-2023-39325",
+ "published": "2023-10-11T22:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-03-10T04:15:05+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6746"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2023-44487"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-44487"
+ },
+ {
+ "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011"
+ },
+ {
+ "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
+ },
+ {
+ "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack"
+ },
+ {
+ "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
+ },
+ {
+ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack"
+ },
+ {
+ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
+ },
+ {
+ "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty"
+ },
+ {
+ "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
+ },
+ {
+ "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
+ },
+ {
+ "url": "https://blog.vespa.ai/cve-2023-44487"
+ },
+ {
+ "url": "https://blog.vespa.ai/cve-2023-44487/"
+ },
+ {
+ "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
+ },
+ {
+ "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
+ },
+ {
+ "url": "https://chaos.social/@icing/111210915918780532"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
+ },
+ {
+ "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487"
+ },
+ {
+ "url": "https://devblogs.microsoft.com/dotnet/october-2023-updates/"
+ },
+ {
+ "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
+ },
+ {
+ "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6746.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2023:5838"
+ },
+ {
+ "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
+ },
+ {
+ "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
+ },
+ {
+ "url": "https://github.com/Azure/AKS/issues/3947"
+ },
+ {
+ "url": "https://github.com/Kong/kong/discussions/11741"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
+ },
+ {
+ "url": "https://github.com/akka/akka-http/issues/4323"
+ },
+ {
+ "url": "https://github.com/alibaba/tengine/issues/1872"
+ },
+ {
+ "url": "https://github.com/apache/apisix/issues/10320"
+ },
+ {
+ "url": "https://github.com/apache/httpd-site/pull/10"
+ },
+ {
+ "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
+ },
+ {
+ "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
+ },
+ {
+ "url": "https://github.com/apache/trafficserver/pull/10564"
+ },
+ {
+ "url": "https://github.com/apple/swift-nio-http2"
+ },
+ {
+ "url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3"
+ },
+ {
+ "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
+ },
+ {
+ "url": "https://github.com/bcdannyboy/CVE-2023-44487"
+ },
+ {
+ "url": "https://github.com/caddyserver/caddy/issues/5877"
+ },
+ {
+ "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
+ },
+ {
+ "url": "https://github.com/dotnet/announcements/issues/277"
+ },
+ {
+ "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
+ },
+ {
+ "url": "https://github.com/eclipse/jetty.project/issues/10679"
+ },
+ {
+ "url": "https://github.com/envoyproxy/envoy/pull/30055"
+ },
+ {
+ "url": "https://github.com/etcd-io/etcd/issues/16740"
+ },
+ {
+ "url": "https://github.com/facebook/proxygen/pull/466"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/63417"
+ },
+ {
+ "url": "https://github.com/grpc/grpc-go/pull/6703"
+ },
+ {
+ "url": "https://github.com/grpc/grpc-go/releases"
+ },
+ {
+ "url": "https://github.com/h2o/h2o/pull/3291"
+ },
+ {
+ "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
+ },
+ {
+ "url": "https://github.com/haproxy/haproxy/issues/2312"
+ },
+ {
+ "url": "https://github.com/hyperium/hyper/issues/3337"
+ },
+ {
+ "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
+ },
+ {
+ "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
+ },
+ {
+ "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
+ },
+ {
+ "url": "https://github.com/kazu-yamamoto/http2/issues/93"
+ },
+ {
+ "url": "https://github.com/kubernetes/kubernetes/pull/121120"
+ },
+ {
+ "url": "https://github.com/line/armeria/pull/5232"
+ },
+ {
+ "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
+ },
+ {
+ "url": "https://github.com/micrictor/http2-rst-stream"
+ },
+ {
+ "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
+ },
+ {
+ "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
+ },
+ {
+ "url": "https://github.com/nghttp2/nghttp2/pull/1961"
+ },
+ {
+ "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
+ },
+ {
+ "url": "https://github.com/ninenines/cowboy/issues/1615"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/50121"
+ },
+ {
+ "url": "https://github.com/openresty/openresty/issues/930"
+ },
+ {
+ "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
+ },
+ {
+ "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
+ },
+ {
+ "url": "https://github.com/projectcontour/contour/pull/5826"
+ },
+ {
+ "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
+ },
+ {
+ "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
+ },
+ {
+ "url": "https://go.dev/cl/534215"
+ },
+ {
+ "url": "https://go.dev/cl/534235"
+ },
+ {
+ "url": "https://go.dev/issue/63417"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
+ },
+ {
+ "url": "https://istio.io/latest/news/security/istio-security-2023-004"
+ },
+ {
+ "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
+ },
+ {
+ "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487"
+ },
+ {
+ "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-44487.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-7205.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4"
+ },
+ {
+ "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
+ },
+ {
+ "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
+ },
+ {
+ "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
+ },
+ {
+ "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2"
+ },
+ {
+ "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
+ },
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
+ },
+ {
+ "url": "https://my.f5.com/manage/s/article/K000137106"
+ },
+ {
+ "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37830987"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37830998"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37831062"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37837043"
+ },
+ {
+ "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
+ },
+ {
+ "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response"
+ },
+ {
+ "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-2102"
+ },
+ {
+ "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202311-09"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231016-0001"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
+ },
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81"
+ },
+ {
+ "url": "https://ubuntu.com/security/CVE-2023-44487"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6427-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6427-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6438-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6505-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6574-1"
+ },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records"
+ },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
+ },
+ {
+ "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5521"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5522"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5540"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5549"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5558"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5570"
+ },
+ {
+ "url": "https://www.eclipse.org/lists/jetty-announce/msg00181.html"
+ },
+ {
+ "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
+ },
+ {
+ "url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"
+ },
+ {
+ "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487"
+ },
+ {
+ "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
+ },
+ {
+ "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products"
+ },
+ {
+ "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
+ },
+ {
+ "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
+ },
+ {
+ "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday"
+ },
+ {
+ "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.15.0",
+ "versions": [
+ {
+ "version": "v0.15.0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 400
+ ],
+ "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
+ "id": "CVE-2023-44487",
+ "published": "2023-10-10T14:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-02-02T15:40:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/31/1"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46129"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/secnote-2023-02.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-46129"
+ },
+ {
+ "url": "https://github.com/nats-io/nkeys"
+ },
+ {
+ "url": "https://github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1"
+ },
+ {
+ "url": "https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46129"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-46129"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "versions": [
+ {
+ "version": "v2.10.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.4",
+ "versions": [
+ {
+ "version": "v0.4.4",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nkeys@v0.4.5",
+ "versions": [
+ {
+ "version": "v0.4.5",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 321,
+ 325
+ ],
+ "description": "NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. \nFIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.",
+ "id": "CVE-2023-46129",
+ "published": "2023-10-31T00:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.10.4; Upgrade github.com/nats-io/nkeys to version 0.4.6",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-29T03:15:42+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1129"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46218"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-46218"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2252030"
+ },
+ {
+ "url": "https://curl.se/docs/CVE-2023-46218.html"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2024-1129.html"
+ },
+ {
+ "url": "https://hackerone.com/reports/2212193"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-46218.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-1129.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240125-0007/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6535-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6641-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5587"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "8.4.0-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "8.4.0-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that\nare then passed back to more origins than what is otherwise allowed or\npossible. This allows a site to set cookies that then would get sent to\ndifferent and unrelated sites and domains.\n\nIt could do this by exploiting a mixed case flaw in curl's function that\nverifies a given cookie domain against the Public Suffix List (PSL). For\nexample a cookie could be set with `domain=co.UK` when the URL used a lower\ncase hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.\n",
+ "id": "CVE-2023-46218",
+ "published": "2023-12-07T01:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
+ }
+ ],
+ "recommendation": "Upgrade curl to version 8.5.0-r0; Upgrade libcurl to version 8.5.0-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2024-01-25T14:15:26+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46219"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-46219"
+ },
+ {
+ "url": "https://curl.se/docs/CVE-2023-46219.html"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219"
+ },
+ {
+ "url": "https://hackerone.com/reports/2236133"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240119-0007/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6535-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-46219"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5587"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/curl@8.4.0-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "8.4.0-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libcurl@8.4.0-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "8.4.0-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 311
+ ],
+ "description": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.\n",
+ "id": "CVE-2023-46219",
+ "published": "2023-12-12T02:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 4.8,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
+ }
+ ],
+ "recommendation": "Upgrade curl to version 8.5.0-r0; Upgrade libcurl to version 8.5.0-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2024-01-19T16:15:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/30/1"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/secnote-2023-01.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-47090"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/fa5b7afcb64e7e887e49afdd032358802b5c4478"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/discussions/4535"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/4605"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.10.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.9.23"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47090"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/10/13/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.10.0",
+ "versions": [
+ {
+ "version": "v2.10.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.9.19",
+ "versions": [
+ {
+ "version": "v2.9.19",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 863
+ ],
+ "description": "NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.",
+ "id": "CVE-2023-47090",
+ "published": "2023-10-30T17:15:52+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.9.23, 2.10.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-08T00:15:54+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1150"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-48795"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2023-48795"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-48795"
+ },
+ {
+ "url": "https://bugs.gentoo.org/920280"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2254210"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
+ },
+ {
+ "url": "https://crates.io/crates/thrussh/versions"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2024-1150.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2024:0628"
+ },
+ {
+ "url": "https://filezilla-project.org/versions.php"
+ },
+ {
+ "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
+ },
+ {
+ "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
+ },
+ {
+ "url": "https://github.com/NixOS/nixpkgs/pull/275249"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
+ },
+ {
+ "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
+ },
+ {
+ "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
+ },
+ {
+ "url": "https://github.com/apache/mina-sshd/issues/445"
+ },
+ {
+ "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
+ },
+ {
+ "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
+ },
+ {
+ "url": "https://github.com/cyd01/KiTTY/issues/520"
+ },
+ {
+ "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
+ },
+ {
+ "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
+ },
+ {
+ "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
+ },
+ {
+ "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
+ },
+ {
+ "url": "https://github.com/hierynomus/sshj/issues/916"
+ },
+ {
+ "url": "https://github.com/janmojzis/tinyssh/issues/81"
+ },
+ {
+ "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
+ },
+ {
+ "url": "https://github.com/libssh2/libssh2/pull/1291"
+ },
+ {
+ "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
+ },
+ {
+ "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/issues/457"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/pull/461"
+ },
+ {
+ "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
+ },
+ {
+ "url": "https://github.com/openssh/openssh-portable/commits/master"
+ },
+ {
+ "url": "https://github.com/paramiko/paramiko/issues/2337"
+ },
+ {
+ "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/issues/456"
+ },
+ {
+ "url": "https://github.com/rapier1/hpn-ssh/releases"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/tags"
+ },
+ {
+ "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"
+ },
+ {
+ "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
+ },
+ {
+ "url": "https://go.dev/cl/550715"
+ },
+ {
+ "url": "https://go.dev/issue/64784"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
+ },
+ {
+ "url": "https://help.panic.com/releasenotes/transmit5"
+ },
+ {
+ "url": "https://help.panic.com/releasenotes/transmit5/"
+ },
+ {
+ "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"
+ },
+ {
+ "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-48795.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-12233.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
+ },
+ {
+ "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
+ },
+ {
+ "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38684904"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38685286"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38732005"
+ },
+ {
+ "url": "https://nova.app/releases/#v11.8"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
+ },
+ {
+ "url": "https://oryx-embedded.com/download/#changelog"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
+ },
+ {
+ "url": "https://roumenpetrov.info/secsh/#news20231220"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-16"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-17"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240105-0004"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214084"
+ },
+ {
+ "url": "https://terrapin-attack.com/"
+ },
+ {
+ "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway"
+ },
+ {
+ "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
+ },
+ {
+ "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
+ },
+ {
+ "url": "https://ubuntu.com/security/CVE-2023-48795"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6560-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6560-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6561-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6585-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6589-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6598-1"
+ },
+ {
+ "url": "https://winscp.net/eng/docs/history#6.2.2"
+ },
+ {
+ "url": "https://www.bitvise.com/ssh-client-version-history#933"
+ },
+ {
+ "url": "https://www.bitvise.com/ssh-server-version-history"
+ },
+ {
+ "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
+ },
+ {
+ "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5586"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5588"
+ },
+ {
+ "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
+ },
+ {
+ "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
+ },
+ {
+ "url": "https://www.netsarang.com/en/xshell-update-history"
+ },
+ {
+ "url": "https://www.netsarang.com/en/xshell-update-history/"
+ },
+ {
+ "url": "https://www.openssh.com/openbsd.html"
+ },
+ {
+ "url": "https://www.openssh.com/txt/release-9.6"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/18/3"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
+ },
+ {
+ "url": "https://www.paramiko.org/changelog.html"
+ },
+ {
+ "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"
+ },
+ {
+ "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
+ },
+ {
+ "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"
+ },
+ {
+ "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
+ },
+ {
+ "url": "https://www.terrapin-attack.com"
+ },
+ {
+ "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
+ },
+ {
+ "url": "https://www.vandyke.com/products/securecrt/history.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.13.0",
+ "versions": [
+ {
+ "version": "v0.13.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.7.0",
+ "versions": [
+ {
+ "version": "v0.7.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.9.0",
+ "versions": [
+ {
+ "version": "v0.9.0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 354
+ ],
+ "description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
+ "id": "CVE-2023-48795",
+ "published": "2023-12-18T16:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-03-13T21:15:54+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0310"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-5363"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-5363"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2243839"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5363"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2024-0310.html"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-5363.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-12093.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5363"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0010/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240201-0003/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240201-0004/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6450-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5532"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20231024.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.",
+ "id": "CVE-2023-5363",
+ "published": "2023-10-25T18:17:43+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto3 to version 3.1.4-r0; Upgrade libssl3 to version 3.1.4-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2024-02-01T17:15:08+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:7877"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-5678"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-5678"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2224962"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2227852"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2248616"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2023-7877.html"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-5678.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-12056.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231130-0010/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6622-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6632-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20231106.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 754
+ ],
+ "description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\n\n",
+ "id": "CVE-2023-5678",
+ "published": "2023-11-06T16:15:42+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto3 to version 3.1.4-r1; Upgrade libssl3 to version 3.1.4-r1",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-30T22:15:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6129"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-6129"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6129"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240216-0009/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6622-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20240109.txt"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2024/01/09/1"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.",
+ "id": "CVE-2023-6129",
+ "published": "2024-01-09T17:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.5,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto3 to version 3.1.4-r3; Upgrade libssl3 to version 3.1.4-r3",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2024-02-16T13:15:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-6237"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-6237"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6237"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6622-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20240115.txt"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2024/01/15/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.",
+ "id": "CVE-2023-6237",
+ "ratings": [
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto3 to version 3.1.4-r4; Upgrade libssl3 to version 3.1.4-r4",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ }
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-0727"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2024-0727"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2"
+ },
+ {
+ "url": "https://github.com/github/advisory-database/pull/3472"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
+ },
+ {
+ "url": "https://github.com/openssl/openssl/pull/23362"
+ },
+ {
+ "url": "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d"
+ },
+ {
+ "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
+ },
+ {
+ "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240208-0006/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6622-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6632-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20240125.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl3@3.1.3-r0?arch=x86_64\u0026distro=3.18.4",
+ "versions": [
+ {
+ "version": "3.1.3-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.",
+ "id": "CVE-2024-0727",
+ "published": "2024-01-26T09:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.5,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto3 to version 3.1.4-r5; Upgrade libssl3 to version 3.1.4-r5",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2024-02-08T10:15:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-24786"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2024-24786"
+ },
+ {
+ "url": "https://github.com/protocolbuffers/protobuf-go"
+ },
+ {
+ "url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023"
+ },
+ {
+ "url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0"
+ },
+ {
+ "url": "https://go.dev/cl/569356"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2611"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/google.golang.org/protobuf@v1.31.0",
+ "versions": [
+ {
+ "version": "v1.31.0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
+ "id": "CVE-2024-24786",
+ "published": "2024-03-05T23:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade google.golang.org/protobuf to version 1.33.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-03-06T15:18:08+00:00"
+ }
+ ]
+}
diff --git a/test/diff/panic/nats2.json b/test/diff/panic/nats2.json
new file mode 100644
index 00000000..85a07c87
--- /dev/null
+++ b/test/diff/panic/nats2.json
@@ -0,0 +1,12212 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:bc1d1e2d-8e64-4b3a-96b7-651de3b09048",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2024-03-20T14:47:22+00:00",
+ "tools": {
+ "components": [
+ {
+ "group": "aquasecurity",
+ "name": "trivy",
+ "type": "application",
+ "version": "0.50.0"
+ }
+ ]
+ },
+ "component": {
+ "type": "container",
+ "name": "natsio/nats-box",
+ "bom-ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "purl": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:99fda372d2c549fd72cbf862d913eb50cd5c11bb91bec9fb184949cbfb64458f"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2"
+ },
+ {
+ "name": "aquasecurity:trivy:DiffID",
+ "value": "sha256:fda576d64980d61afb430261e6b3fa3ffea212184de4ee4a7bc03ce5e7625d75"
+ },
+ {
+ "name": "aquasecurity:trivy:ImageID",
+ "value": "sha256:ae9af06d3d21fa924dfce9dcaa3d39eb4c5c04b6e03fbc88e4750685e4c74745"
+ },
+ {
+ "name": "aquasecurity:trivy:RepoDigest",
+ "value": "natsio/nats-box@sha256:caf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be"
+ },
+ {
+ "name": "aquasecurity:trivy:RepoTag",
+ "value": "natsio/nats-box:latest"
+ },
+ {
+ "name": "aquasecurity:trivy:SchemaVersion",
+ "value": "2"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "application",
+ "name": "usr/local/bin/nats",
+ "bom-ref": "d7122973-9d0f-4e27-bc7b-f3930bde6889",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/nats-top",
+ "bom-ref": "5e630d92-734e-441e-97bc-292689866d19",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/nsc",
+ "bom-ref": "fff3d909-640a-4173-b0c3-b23507dd77d3",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/stan-bench",
+ "bom-ref": "37100b09-d58e-456b-bf66-96cb133c434d",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/stan-pub",
+ "bom-ref": "5bedfcbd-bcb9-4b36-ac1c-69b77c8b0b45",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "usr/local/bin/stan-sub",
+ "bom-ref": "17d6a00d-ad1c-422f-ab52-07d021d4d62a",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "lang-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "alpine-baselayout",
+ "bom-ref": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2",
+ "version": "3.2.0-r8",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "15d2b578fd7e8841b6f4cc80134ca504c2023317"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "alpine-baselayout@3.2.0-r8"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "alpine-baselayout"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "3.2.0-r8"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "alpine-keys",
+ "bom-ref": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2",
+ "version": "2.2-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2e1db77e486469f7e25f3eac47ee2742f51f9153"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "alpine-keys@2.2-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "alpine-keys"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.2-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "apk-tools",
+ "bom-ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2",
+ "version": "2.12.1-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b719126b7bd2a798662ada563c69d051d665549a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "apk-tools@2.12.1-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "apk-tools"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.12.1-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "busybox",
+ "bom-ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "version": "1.32.1-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ea87905ba6c33fbb95c0252a3610001076fbe59e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "busybox@1.32.1-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "busybox"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.32.1-r3"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ca-certificates",
+ "bom-ref": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2",
+ "version": "20191127-r5",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9a32ec5e560733e17a671fba0128e6a3ebef5ce3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "MPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:8591fa42d73dba5b01bf828e8426f087f6ba2be53d81e6b881e6ec7944834df6"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ca-certificates@20191127-r5"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "ca-certificates"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "20191127-r5"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ca-certificates-bundle",
+ "bom-ref": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2",
+ "version": "20191127-r5",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9d95958d8cdac1af141d414024905c7ce861458d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "MPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ca-certificates-bundle@20191127-r5"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "ca-certificates"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "20191127-r5"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "figlet",
+ "bom-ref": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2",
+ "version": "2.2.5-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2a09a857775ed6d8dbba1fb9dfcf6879f1cf1b04"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:f71b4f2368074b5ba538e48e56b57707ce43ff5db5b61a62a79b8964cd352ca2"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:8591fa42d73dba5b01bf828e8426f087f6ba2be53d81e6b881e6ec7944834df6"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "figlet@2.2.5-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "figlet"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.2.5-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/AlecAivazis/survey/v2",
+ "bom-ref": "02c6e323-75c9-41ad-a48b-ea236df51a1a",
+ "version": "v2.2.12",
+ "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.2.12",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/AlecAivazis/survey/v2",
+ "bom-ref": "f0745570-156e-489b-9743-7a6c34f2b983",
+ "version": "v2.2.12",
+ "purl": "pkg:golang/github.com/alecaivazis/survey/v2@v2.2.12",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/HdrHistogram/hdrhistogram-go",
+ "bom-ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0",
+ "version": "v0.9.0",
+ "purl": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/alecthomas/template",
+ "bom-ref": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751",
+ "version": "v0.0.0-20190718012654-fb15b899a751",
+ "purl": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/alecthomas/units",
+ "bom-ref": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15",
+ "version": "v0.0.0-20210208195552-ff826a37aa15",
+ "purl": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/blang/semver",
+ "bom-ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "version": "v3.5.1+incompatible",
+ "purl": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/briandowns/spinner",
+ "bom-ref": "pkg:golang/github.com/briandowns/spinner@v1.12.0",
+ "version": "v1.12.0",
+ "purl": "pkg:golang/github.com/briandowns/spinner@v1.12.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/cpuguy83/go-md2man/v2",
+ "bom-ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0",
+ "version": "v2.0.0",
+ "purl": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/dustin/go-humanize",
+ "bom-ref": "7dba7372-931a-407d-a918-76bcac292907",
+ "version": "v1.0.0",
+ "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/dustin/go-humanize",
+ "bom-ref": "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0",
+ "version": "v1.0.0",
+ "purl": "pkg:golang/github.com/dustin/go-humanize@v1.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/emicklei/dot",
+ "bom-ref": "pkg:golang/github.com/emicklei/dot@v0.15.0",
+ "version": "v0.15.0",
+ "purl": "pkg:golang/github.com/emicklei/dot@v0.15.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/fatih/color",
+ "bom-ref": "036e29ed-0565-4dff-be02-dc8e2b0376d7",
+ "version": "v1.10.0",
+ "purl": "pkg:golang/github.com/fatih/color@v1.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/fatih/color",
+ "bom-ref": "c85c3481-4815-486c-82e9-dba0f7a3eac6",
+ "version": "v1.10.0",
+ "purl": "pkg:golang/github.com/fatih/color@v1.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/fsnotify/fsnotify",
+ "bom-ref": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9",
+ "version": "v1.4.9",
+ "purl": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/ghodss/yaml",
+ "bom-ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "version": "v1.0.0",
+ "purl": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gogo/protobuf",
+ "bom-ref": "4497229a-93b4-4299-a9e6-a1070b6ffda5",
+ "version": "v1.3.2",
+ "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gogo/protobuf",
+ "bom-ref": "90b91b63-c94e-469d-87ef-b98807e67bfb",
+ "version": "v1.3.2",
+ "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gogo/protobuf",
+ "bom-ref": "d99b8db3-8f9e-41a4-bb16-0c1936f401d3",
+ "version": "v1.3.2",
+ "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-cmp",
+ "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.5",
+ "version": "v0.5.5",
+ "purl": "pkg:golang/github.com/google/go-cmp@v0.5.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-github/v30",
+ "bom-ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "version": "v30.1.0",
+ "purl": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/google/go-querystring",
+ "bom-ref": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gosuri/uilive",
+ "bom-ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "version": "v0.0.4",
+ "purl": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/gosuri/uiprogress",
+ "bom-ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "version": "v0.0.1",
+ "purl": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/guptarohit/asciigraph",
+ "bom-ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2",
+ "version": "v0.5.2",
+ "purl": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/hashicorp/hcl",
+ "bom-ref": "pkg:golang/github.com/hashicorp/hcl@v1.0.0",
+ "version": "v1.0.0",
+ "purl": "pkg:golang/github.com/hashicorp/hcl@v1.0.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/inconshreveable/go-update",
+ "bom-ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "version": "v0.0.0-20160112193335-8152e7eb6ccf",
+ "purl": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/kballard/go-shellquote",
+ "bom-ref": "1044da61-152a-465b-8952-c9e949247616",
+ "version": "v0.0.0-20180428030007-95032a82bc51",
+ "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/kballard/go-shellquote",
+ "bom-ref": "5b9357f0-f8fd-4f05-a2c8-d43d47bad559",
+ "version": "v0.0.0-20180428030007-95032a82bc51",
+ "purl": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/klauspost/compress",
+ "bom-ref": "pkg:golang/github.com/klauspost/compress@v1.12.1",
+ "version": "v1.12.1",
+ "purl": "pkg:golang/github.com/klauspost/compress@v1.12.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/magiconair/properties",
+ "bom-ref": "pkg:golang/github.com/magiconair/properties@v1.8.5",
+ "version": "v1.8.5",
+ "purl": "pkg:golang/github.com/magiconair/properties@v1.8.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-colorable",
+ "bom-ref": "3550f049-6eb2-41a9-8e67-eec39e46a33d",
+ "version": "v0.1.8",
+ "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.8",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-colorable",
+ "bom-ref": "8623282c-313d-4047-9f16-bcfd7e550997",
+ "version": "v0.1.8",
+ "purl": "pkg:golang/github.com/mattn/go-colorable@v0.1.8",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-isatty",
+ "bom-ref": "6bd9a336-e7bc-41d1-8c95-294cb3eb6726",
+ "version": "v0.0.12",
+ "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.12",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-isatty",
+ "bom-ref": "e2cef7b8-d52f-49c6-9c4c-fce547506589",
+ "version": "v0.0.12",
+ "purl": "pkg:golang/github.com/mattn/go-isatty@v0.0.12",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mattn/go-runewidth",
+ "bom-ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1",
+ "version": "v0.0.1",
+ "purl": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mgutz/ansi",
+ "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b",
+ "version": "v0.0.0-20170206155736-9520e82c474b",
+ "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mgutz/ansi",
+ "bom-ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "version": "v0.0.0-20200706080929-d51e80ef957d",
+ "purl": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/minio/highwayhash",
+ "bom-ref": "pkg:golang/github.com/minio/highwayhash@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/minio/highwayhash@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mitchellh/go-homedir",
+ "bom-ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mitchellh/go-wordwrap",
+ "bom-ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/mitchellh/mapstructure",
+ "bom-ref": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1",
+ "version": "v1.4.1",
+ "purl": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/cliprompts/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "version": "v2.0.0-20200221130455-2737f3b8cbb9",
+ "purl": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jsm.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23",
+ "version": "v0.0.23",
+ "purl": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt",
+ "bom-ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "version": "v0.3.2",
+ "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt",
+ "bom-ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "version": "v0.3.2",
+ "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt",
+ "bom-ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "version": "v0.3.2",
+ "purl": "pkg:golang/github.com/nats-io/jwt@v0.3.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt",
+ "bom-ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt",
+ "bom-ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "version": "v1.2.2",
+ "purl": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt/v2",
+ "bom-ref": "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6",
+ "version": "v2.0.1",
+ "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/jwt/v2",
+ "bom-ref": "f97ba060-ad20-45f4-ac69-fc24d30411ad",
+ "version": "v2.0.1",
+ "purl": "pkg:golang/github.com/nats-io/jwt/v2@v2.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats-server/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "version": "v2.1.9",
+ "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats-server/v2",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "version": "v2.2.2",
+ "purl": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "232a0439-a241-452a-be09-f5d63c6335ef",
+ "version": "v1.10.0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "7b125efc-c47a-449d-b273-75828649b1a4",
+ "version": "v1.10.0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e",
+ "version": "v1.10.0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0",
+ "version": "v1.10.1-0.20201021145452-94be476ad6e0",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nats.go",
+ "bom-ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10",
+ "version": "v1.10.1-0.20210427145106-109f3dd25f10",
+ "purl": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "00d71201-cd27-4648-ad71-190cd4b4abf8",
+ "version": "v0.1.4",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "3a508e2a-ffa6-44b1-a334-46b9aaaf403b",
+ "version": "v0.1.4",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "417740b7-723b-4313-8059-5f1b4945dc11",
+ "version": "v0.1.4",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "8d4a3605-99a8-40ad-960e-858be6815082",
+ "version": "v0.1.4",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.1.4",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "8075733b-5b92-4bdc-9b3a-1ea48bff49ad",
+ "version": "v0.3.0",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.3.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nkeys",
+ "bom-ref": "d3c7fe00-7922-44b3-ab7a-6815c8754dfa",
+ "version": "v0.3.0",
+ "purl": "pkg:golang/github.com/nats-io/nkeys@v0.3.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "26b20f66-3994-4e05-adb5-c3a663fdc0d3",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "2ce6cbe0-970f-4185-9e29-4e61713b2391",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "2dabc52f-279a-4393-91e6-5b3034b68d60",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "4fbc1e52-81cf-4163-a4c0-dfc0ae24f480",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "af137522-c78a-4301-becc-f921d74266c9",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nats-io/nuid",
+ "bom-ref": "dcadec35-53bc-493d-910d-9e96306127d1",
+ "version": "v1.0.1",
+ "purl": "pkg:golang/github.com/nats-io/nuid@v1.0.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/nsf/termbox-go",
+ "bom-ref": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2",
+ "version": "v0.0.0-20160808045038-e8f6d27f72a2",
+ "purl": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/pelletier/go-toml",
+ "bom-ref": "pkg:golang/github.com/pelletier/go-toml@v1.9.0",
+ "version": "v1.9.0",
+ "purl": "pkg:golang/github.com/pelletier/go-toml@v1.9.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/rhysd/go-github-selfupdate",
+ "bom-ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "version": "v1.2.3",
+ "purl": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/russross/blackfriday/v2",
+ "bom-ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "version": "v2.1.0",
+ "purl": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/afero",
+ "bom-ref": "pkg:golang/github.com/spf13/afero@v1.6.0",
+ "version": "v1.6.0",
+ "purl": "pkg:golang/github.com/spf13/afero@v1.6.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/cast",
+ "bom-ref": "pkg:golang/github.com/spf13/cast@v1.3.1",
+ "version": "v1.3.1",
+ "purl": "pkg:golang/github.com/spf13/cast@v1.3.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/cobra",
+ "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.1.3",
+ "version": "v1.1.3",
+ "purl": "pkg:golang/github.com/spf13/cobra@v1.1.3",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/jwalterweatherman",
+ "bom-ref": "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0",
+ "version": "v1.1.0",
+ "purl": "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/pflag",
+ "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "version": "v1.0.5",
+ "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/spf13/viper",
+ "bom-ref": "pkg:golang/github.com/spf13/viper@v1.7.1",
+ "version": "v1.7.1",
+ "purl": "pkg:golang/github.com/spf13/viper@v1.7.1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/subosito/gotenv",
+ "bom-ref": "pkg:golang/github.com/subosito/gotenv@v1.2.0",
+ "version": "v1.2.0",
+ "purl": "pkg:golang/github.com/subosito/gotenv@v1.2.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/tcnksm/go-gitconfig",
+ "bom-ref": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "version": "v0.1.2",
+ "purl": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/tylertreat/hdrhistogram-writer",
+ "bom-ref": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20180430173243-73b8d31ba571",
+ "version": "v0.0.0-20180430173243-73b8d31ba571",
+ "purl": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20180430173243-73b8d31ba571",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/ulikunitz/xz",
+ "bom-ref": "pkg:golang/github.com/ulikunitz/xz@v0.5.10",
+ "version": "v0.5.10",
+ "purl": "pkg:golang/github.com/ulikunitz/xz@v0.5.10",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xeipuuv/gojsonpointer",
+ "bom-ref": "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb",
+ "version": "v0.0.0-20190905194746-02993c407bfb",
+ "purl": "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xeipuuv/gojsonreference",
+ "bom-ref": "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415",
+ "version": "v0.0.0-20180127040603-bd5ef7bd5415",
+ "purl": "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xeipuuv/gojsonschema",
+ "bom-ref": "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0",
+ "version": "v1.2.0",
+ "purl": "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xlab/tablewriter",
+ "bom-ref": "1f71cc2c-4dae-4721-a209-956d08b69871",
+ "version": "v0.0.0-20160610135559-80b567a11ad5",
+ "purl": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "github.com/xlab/tablewriter",
+ "bom-ref": "63635711-87a0-4f17-a181-a1a240810ec4",
+ "version": "v0.0.0-20160610135559-80b567a11ad5",
+ "purl": "pkg:golang/github.com/xlab/tablewriter@v0.0.0-20160610135559-80b567a11ad5",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20210421170649-83a5a9bb288b",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/crypto",
+ "bom-ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20210421170649-83a5a9bb288b",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/net",
+ "bom-ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "purl": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/oauth2",
+ "bom-ref": "pkg:golang/golang.org/x/oauth2@v0.0.0-20210427180440-81ed05c6b58c",
+ "version": "v0.0.0-20210427180440-81ed05c6b58c",
+ "purl": "pkg:golang/golang.org/x/oauth2@v0.0.0-20210427180440-81ed05c6b58c",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/sys",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08",
+ "version": "v0.0.0-20210421221651-33663a62ff08",
+ "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/sys",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887",
+ "version": "v0.0.0-20210426230700-d19ff857e887",
+ "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/term",
+ "bom-ref": "a6b681f9-0866-480c-9a19-7df19b930d0d",
+ "version": "v0.0.0-20210422114643-f5beecf764ed",
+ "purl": "pkg:golang/golang.org/x/term@v0.0.0-20210422114643-f5beecf764ed",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/term",
+ "bom-ref": "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f",
+ "version": "v0.0.0-20210422114643-f5beecf764ed",
+ "purl": "pkg:golang/golang.org/x/term@v0.0.0-20210422114643-f5beecf764ed",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/text",
+ "bom-ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "version": "v0.3.6",
+ "purl": "pkg:golang/golang.org/x/text@v0.3.6",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/text",
+ "bom-ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "version": "v0.3.6",
+ "purl": "pkg:golang/golang.org/x/text@v0.3.6",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "golang.org/x/time",
+ "bom-ref": "pkg:golang/golang.org/x/time@v0.0.0-20200416051211-89c76fbcd5d1",
+ "version": "v0.0.0-20200416051211-89c76fbcd5d1",
+ "purl": "pkg:golang/golang.org/x/time@v0.0.0-20200416051211-89c76fbcd5d1",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/alecthomas/kingpin.v2",
+ "bom-ref": "pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6",
+ "version": "v2.2.6",
+ "purl": "pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/gizak/termui.v1",
+ "bom-ref": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "version": "v1.0.0-20151021151108-e62b5929642a",
+ "purl": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/ini.v1",
+ "bom-ref": "pkg:golang/gopkg.in/ini.v1@v1.62.0",
+ "version": "v1.62.0",
+ "purl": "pkg:golang/gopkg.in/ini.v1@v1.62.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/yaml.v2",
+ "bom-ref": "bedd6971-db83-4b95-a3ec-2d000422efed",
+ "version": "v2.4.0",
+ "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:e6beccd82255a68627116aea57b3e289359ab8bf4575b94228c4b3bbae16dd23"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:417204a428f254546a3dd352242983aa9972e86c55e2762122fe88cb385ed6b9"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "gopkg.in/yaml.v2",
+ "bom-ref": "ce8adfce-acb4-4fe1-b310-bd23e88e4e57",
+ "version": "v2.4.0",
+ "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:3fd49cd6af694330a549c552a5d678b75306aca9fca7fcaf18867753c5a24f36"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:248f99e65485110dd520fd318b3141c527b038657cb66255a0af748170cd9ade"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "gobinary"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libc-utils",
+ "bom-ref": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2",
+ "version": "0.7.2-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "261cab49287a370b3889e6ec33afd51c2c703df4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libc-utils@0.7.2-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "libc-dev"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "0.7.2-r3"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libcrypto1.1",
+ "bom-ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "version": "1.1.1j-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5adb82dd79a48d631f9aef830e4183187811bce7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "OpenSSL"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libcrypto1.1@1.1.1j-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "openssl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.1.1j-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libssl1.1",
+ "bom-ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "version": "1.1.1j-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0640f8669ebb73d9f34f64bf044b6caa91191077"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "OpenSSL"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libssl1.1@1.1.1j-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "openssl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.1.1j-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "libtls-standalone",
+ "bom-ref": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2",
+ "version": "2.9.1-r1",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "82d33d0f18a70fdb1b8c9327ae23a196d5bbb0d4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "libtls-standalone@2.9.1-r1"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "libtls-standalone"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "2.9.1-r1"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "musl",
+ "bom-ref": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "version": "1.2.2-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d0dbb978de30ae1f165ee240d89692c2a3a52721"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "musl@1.2.2-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "musl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.2-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "musl-utils",
+ "bom-ref": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "version": "1.2.2-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0f7258226eb526d3701b14343d4b0f0aecae13bc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "musl-utils@1.2.2-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "musl"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.2-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "scanelf",
+ "bom-ref": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2",
+ "version": "1.2.8-r0",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "39824e854e7520bc03411c0d89882ab6af7cebfa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "scanelf@1.2.8-r0"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "pax-utils"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.8-r0"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "ssl_client",
+ "bom-ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "version": "1.32.1-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "18b22c9a0ce4aacdd4ab48e1696ccf70f98068dc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "ssl_client@1.32.1-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "busybox"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.32.1-r3"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "zlib",
+ "bom-ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2",
+ "version": "1.2.11-r3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "36bf58da74d48e0011cb00b7e27f4d114b772cee"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Zlib"
+ }
+ }
+ ],
+ "purl": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:LayerDiffID",
+ "value": "sha256:cb381a32b2296e4eb5af3f84092a2e6685e88adbc54ee0768a1a1010ce6376c7"
+ },
+ {
+ "name": "aquasecurity:trivy:LayerDigest",
+ "value": "sha256:ba3557a56b150f9b813f9d02274d62914fd8fce120dd374d9ee17b87cf1d277d"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgID",
+ "value": "zlib@1.2.11-r3"
+ },
+ {
+ "name": "aquasecurity:trivy:PkgType",
+ "value": "alpine"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcName",
+ "value": "zlib"
+ },
+ {
+ "name": "aquasecurity:trivy:SrcVersion",
+ "value": "1.2.11-r3"
+ }
+ ]
+ },
+ {
+ "type": "operating-system",
+ "name": "alpine",
+ "bom-ref": "cfba38a6-98c7-43e7-82ac-7841dd9513ca",
+ "version": "3.13.2",
+ "properties": [
+ {
+ "name": "aquasecurity:trivy:Class",
+ "value": "os-pkgs"
+ },
+ {
+ "name": "aquasecurity:trivy:Type",
+ "value": "alpine"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "00d71201-cd27-4648-ad71-190cd4b4abf8",
+ "dependsOn": []
+ },
+ {
+ "ref": "02c6e323-75c9-41ad-a48b-ea236df51a1a",
+ "dependsOn": []
+ },
+ {
+ "ref": "036e29ed-0565-4dff-be02-dc8e2b0376d7",
+ "dependsOn": []
+ },
+ {
+ "ref": "1044da61-152a-465b-8952-c9e949247616",
+ "dependsOn": []
+ },
+ {
+ "ref": "17d6a00d-ad1c-422f-ab52-07d021d4d62a",
+ "dependsOn": [
+ "417740b7-723b-4313-8059-5f1b4945dc11",
+ "4497229a-93b4-4299-a9e6-a1070b6ffda5",
+ "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "7b125efc-c47a-449d-b273-75828649b1a4",
+ "dcadec35-53bc-493d-910d-9e96306127d1",
+ "e192291f-a90f-4cc4-ad6d-0379a45256cd"
+ ]
+ },
+ {
+ "ref": "1f71cc2c-4dae-4721-a209-956d08b69871",
+ "dependsOn": []
+ },
+ {
+ "ref": "232a0439-a241-452a-be09-f5d63c6335ef",
+ "dependsOn": []
+ },
+ {
+ "ref": "26b20f66-3994-4e05-adb5-c3a663fdc0d3",
+ "dependsOn": []
+ },
+ {
+ "ref": "2ce6cbe0-970f-4185-9e29-4e61713b2391",
+ "dependsOn": []
+ },
+ {
+ "ref": "2dabc52f-279a-4393-91e6-5b3034b68d60",
+ "dependsOn": []
+ },
+ {
+ "ref": "3550f049-6eb2-41a9-8e67-eec39e46a33d",
+ "dependsOn": []
+ },
+ {
+ "ref": "37100b09-d58e-456b-bf66-96cb133c434d",
+ "dependsOn": [
+ "00d71201-cd27-4648-ad71-190cd4b4abf8",
+ "232a0439-a241-452a-be09-f5d63c6335ef",
+ "4fbc1e52-81cf-4163-a4c0-dfc0ae24f480",
+ "718081db-83c2-4309-87c8-e43228139b88",
+ "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "90b91b63-c94e-469d-87ef-b98807e67bfb"
+ ]
+ },
+ {
+ "ref": "3a508e2a-ffa6-44b1-a334-46b9aaaf403b",
+ "dependsOn": []
+ },
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "dependsOn": []
+ },
+ {
+ "ref": "417740b7-723b-4313-8059-5f1b4945dc11",
+ "dependsOn": []
+ },
+ {
+ "ref": "4497229a-93b4-4299-a9e6-a1070b6ffda5",
+ "dependsOn": []
+ },
+ {
+ "ref": "4fbc1e52-81cf-4163-a4c0-dfc0ae24f480",
+ "dependsOn": []
+ },
+ {
+ "ref": "5b9357f0-f8fd-4f05-a2c8-d43d47bad559",
+ "dependsOn": []
+ },
+ {
+ "ref": "5bedfcbd-bcb9-4b36-ac1c-69b77c8b0b45",
+ "dependsOn": [
+ "2ce6cbe0-970f-4185-9e29-4e61713b2391",
+ "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "8d4a3605-99a8-40ad-960e-858be6815082",
+ "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e",
+ "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "d99b8db3-8f9e-41a4-bb16-0c1936f401d3"
+ ]
+ },
+ {
+ "ref": "5e630d92-734e-441e-97bc-292689866d19",
+ "dependsOn": [
+ "2dabc52f-279a-4393-91e6-5b3034b68d60",
+ "3a508e2a-ffa6-44b1-a334-46b9aaaf403b",
+ "pkg:golang/github.com/mattn/go-runewidth@v0.0.1",
+ "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2",
+ "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a"
+ ]
+ },
+ {
+ "ref": "63635711-87a0-4f17-a181-a1a240810ec4",
+ "dependsOn": []
+ },
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "dependsOn": []
+ },
+ {
+ "ref": "6bd9a336-e7bc-41d1-8c95-294cb3eb6726",
+ "dependsOn": []
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "dependsOn": []
+ },
+ {
+ "ref": "7b125efc-c47a-449d-b273-75828649b1a4",
+ "dependsOn": []
+ },
+ {
+ "ref": "7dba7372-931a-407d-a918-76bcac292907",
+ "dependsOn": []
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "dependsOn": []
+ },
+ {
+ "ref": "8075733b-5b92-4bdc-9b3a-1ea48bff49ad",
+ "dependsOn": []
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "dependsOn": []
+ },
+ {
+ "ref": "8623282c-313d-4047-9f16-bcfd7e550997",
+ "dependsOn": []
+ },
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "dependsOn": []
+ },
+ {
+ "ref": "8d4a3605-99a8-40ad-960e-858be6815082",
+ "dependsOn": []
+ },
+ {
+ "ref": "90b91b63-c94e-469d-87ef-b98807e67bfb",
+ "dependsOn": []
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "dependsOn": []
+ },
+ {
+ "ref": "a6b681f9-0866-480c-9a19-7df19b930d0d",
+ "dependsOn": []
+ },
+ {
+ "ref": "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f",
+ "dependsOn": []
+ },
+ {
+ "ref": "ad12cc30-75c9-4dbe-9cd7-19b5b086be4e",
+ "dependsOn": []
+ },
+ {
+ "ref": "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0",
+ "dependsOn": []
+ },
+ {
+ "ref": "af137522-c78a-4301-becc-f921d74266c9",
+ "dependsOn": []
+ },
+ {
+ "ref": "bedd6971-db83-4b95-a3ec-2d000422efed",
+ "dependsOn": []
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "dependsOn": []
+ },
+ {
+ "ref": "c85c3481-4815-486c-82e9-dba0f7a3eac6",
+ "dependsOn": []
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "dependsOn": []
+ },
+ {
+ "ref": "ce8adfce-acb4-4fe1-b310-bd23e88e4e57",
+ "dependsOn": []
+ },
+ {
+ "ref": "cfba38a6-98c7-43e7-82ac-7841dd9513ca",
+ "dependsOn": [
+ "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "d3c7fe00-7922-44b3-ab7a-6815c8754dfa",
+ "dependsOn": []
+ },
+ {
+ "ref": "d7122973-9d0f-4e27-bc7b-f3930bde6889",
+ "dependsOn": [
+ "02c6e323-75c9-41ad-a48b-ea236df51a1a",
+ "036e29ed-0565-4dff-be02-dc8e2b0376d7",
+ "1044da61-152a-465b-8952-c9e949247616",
+ "1f71cc2c-4dae-4721-a209-956d08b69871",
+ "6bd9a336-e7bc-41d1-8c95-294cb3eb6726",
+ "8623282c-313d-4047-9f16-bcfd7e550997",
+ "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "ab2a2a27-ce28-429e-a2d9-985a5b58ff2f",
+ "ae9d8fc6-a066-4e24-bc8c-cdfe17a737c0",
+ "af137522-c78a-4301-becc-f921d74266c9",
+ "bedd6971-db83-4b95-a3ec-2d000422efed",
+ "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "d3c7fe00-7922-44b3-ab7a-6815c8754dfa",
+ "f97ba060-ad20-45f4-ac69-fc24d30411ad",
+ "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751",
+ "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15",
+ "pkg:golang/github.com/emicklei/dot@v0.15.0",
+ "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "pkg:golang/github.com/google/go-cmp@v0.5.5",
+ "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2",
+ "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0",
+ "pkg:golang/github.com/klauspost/compress@v1.12.1",
+ "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b",
+ "pkg:golang/github.com/minio/highwayhash@v1.0.1",
+ "pkg:golang/github.com/nats-io/jsm.go@v0.0.23",
+ "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10",
+ "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20180430173243-73b8d31ba571",
+ "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb",
+ "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415",
+ "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0",
+ "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08",
+ "pkg:golang/golang.org/x/time@v0.0.0-20200416051211-89c76fbcd5d1",
+ "pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6"
+ ]
+ },
+ {
+ "ref": "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6",
+ "dependsOn": []
+ },
+ {
+ "ref": "d99b8db3-8f9e-41a4-bb16-0c1936f401d3",
+ "dependsOn": []
+ },
+ {
+ "ref": "dcadec35-53bc-493d-910d-9e96306127d1",
+ "dependsOn": []
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "dependsOn": []
+ },
+ {
+ "ref": "e2cef7b8-d52f-49c6-9c4c-fce547506589",
+ "dependsOn": []
+ },
+ {
+ "ref": "f0745570-156e-489b-9743-7a6c34f2b983",
+ "dependsOn": []
+ },
+ {
+ "ref": "f97ba060-ad20-45f4-ac69-fc24d30411ad",
+ "dependsOn": []
+ },
+ {
+ "ref": "fff3d909-640a-4173-b0c3-b23507dd77d3",
+ "dependsOn": [
+ "26b20f66-3994-4e05-adb5-c3a663fdc0d3",
+ "3550f049-6eb2-41a9-8e67-eec39e46a33d",
+ "5b9357f0-f8fd-4f05-a2c8-d43d47bad559",
+ "63635711-87a0-4f17-a181-a1a240810ec4",
+ "7dba7372-931a-407d-a918-76bcac292907",
+ "8075733b-5b92-4bdc-9b3a-1ea48bff49ad",
+ "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "99b7b900-55f8-4676-8c8f-32262681845b",
+ "a6b681f9-0866-480c-9a19-7df19b930d0d",
+ "c85c3481-4815-486c-82e9-dba0f7a3eac6",
+ "ce8adfce-acb4-4fe1-b310-bd23e88e4e57",
+ "d8213071-7f1e-4f2e-bdac-e66ee0c2dde6",
+ "e2cef7b8-d52f-49c6-9c4c-fce547506589",
+ "f0745570-156e-489b-9743-7a6c34f2b983",
+ "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "pkg:golang/github.com/briandowns/spinner@v1.12.0",
+ "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0",
+ "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9",
+ "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "pkg:golang/github.com/hashicorp/hcl@v1.0.0",
+ "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "pkg:golang/github.com/magiconair/properties@v1.8.5",
+ "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1",
+ "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0",
+ "pkg:golang/github.com/pelletier/go-toml@v1.9.0",
+ "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "pkg:golang/github.com/spf13/afero@v1.6.0",
+ "pkg:golang/github.com/spf13/cast@v1.3.1",
+ "pkg:golang/github.com/spf13/cobra@v1.1.3",
+ "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0",
+ "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "pkg:golang/github.com/spf13/viper@v1.7.1",
+ "pkg:golang/github.com/subosito/gotenv@v1.2.0",
+ "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "pkg:golang/github.com/ulikunitz/xz@v0.5.10",
+ "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "pkg:golang/golang.org/x/oauth2@v0.0.0-20210427180440-81ed05c6b58c",
+ "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887",
+ "pkg:golang/gopkg.in/ini.v1@v1.62.0"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/alpine-baselayout@3.2.0-r8?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/alpine-keys@2.2-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/ca-certificates@20191127-r5?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/figlet@2.2.5-r1?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/ca-certificates-bundle@20191127-r5?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/musl-utils@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:apk/alpine/scanelf@1.2.8-r0?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/libtls-standalone@2.9.1-r1?arch=x86_64&distro=3.13.2",
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64&distro=3.13.2",
+ "dependsOn": [
+ "pkg:apk/alpine/musl@1.2.2-r0?arch=x86_64&distro=3.13.2"
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/alecthomas/template@v0.0.0-20190718012654-fb15b899a751",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/alecthomas/units@v0.0.0-20210208195552-ff826a37aa15",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/briandowns/spinner@v1.12.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/emicklei/dot@v0.15.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/fsnotify/fsnotify@v1.4.9",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/ghodss/yaml@v1.0.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-cmp@v0.5.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-github/v30@v30.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/google/go-querystring@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/gosuri/uilive@v0.0.4",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/gosuri/uiprogress@v0.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/guptarohit/asciigraph@v0.5.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/hashicorp/hcl@v1.0.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/hdrhistogram/hdrhistogram-go@v0.9.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/inconshreveable/go-update@v0.0.0-20160112193335-8152e7eb6ccf",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/klauspost/compress@v1.12.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/magiconair/properties@v1.8.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mattn/go-runewidth@v0.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20170206155736-9520e82c474b",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mgutz/ansi@v0.0.0-20200706080929-d51e80ef957d",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/minio/highwayhash@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/mitchellh/mapstructure@v1.4.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/cliprompts/v2@v2.0.0-20200221130455-2737f3b8cbb9",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jsm.go@v0.0.23",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20201021145452-94be476ad6e0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats.go@v1.10.1-0.20210427145106-109f3dd25f10",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/nsf/termbox-go@v0.0.0-20160808045038-e8f6d27f72a2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/pelletier/go-toml@v1.9.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/rhysd/go-github-selfupdate@v1.2.3",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/afero@v1.6.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/cast@v1.3.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/cobra@v1.1.3",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/jwalterweatherman@v1.1.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/pflag@v1.0.5",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/spf13/viper@v1.7.1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/subosito/gotenv@v1.2.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/tcnksm/go-gitconfig@v0.1.2",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/tylertreat/hdrhistogram-writer@v0.0.0-20180430173243-73b8d31ba571",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/ulikunitz/xz@v0.5.10",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/oauth2@v0.0.0-20210427180440-81ed05c6b58c",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/time@v0.0.0-20200416051211-89c76fbcd5d1",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/alecthomas/kingpin.v2@v2.2.6",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/gizak/termui.v1@v1.0.0-20151021151108-e62b5929642a",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:golang/gopkg.in/ini.v1@v1.62.0",
+ "dependsOn": []
+ },
+ {
+ "ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnatsio%2Fnats-box",
+ "dependsOn": [
+ "17d6a00d-ad1c-422f-ab52-07d021d4d62a",
+ "37100b09-d58e-456b-bf66-96cb133c434d",
+ "5bedfcbd-bcb9-4b36-ac1c-69b77c8b0b45",
+ "5e630d92-734e-441e-97bc-292689866d19",
+ "cfba38a6-98c7-43e7-82ac-7841dd9513ca",
+ "d7122973-9d0f-4e27-bc7b-f3930bde6889",
+ "fff3d909-640a-4173-b0c3-b23507dd77d3"
+ ]
+ }
+ ],
+ "vulnerabilities": [
+ {
+ "advisories": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8420"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2018-25032"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2018-25032"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2067945"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-8420.html"
+ },
+ {
+ "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"
+ },
+ {
+ "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"
+ },
+ {
+ "url": "https://github.com/madler/zlib/issues/605"
+ },
+ {
+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml"
+ },
+ {
+ "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4"
+ },
+ {
+ "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5"
+ },
+ {
+ "url": "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2018-25032.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9565.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-42"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220526-0009"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220526-0009/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220729-0004"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220729-0004/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213255"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213256"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213257"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5355-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5355-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5359-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5359-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5739-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5111"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.2.11-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
+ "id": "CVE-2018-25032",
+ "published": "2022-03-25T09:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ruby-advisory-db"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade zlib to version 1.2.12-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T02:56:26+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2019-13126"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/07ef71ff98f45f8c2711be4aeaf484610d891dda"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1053"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1441"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 190
+ ],
+ "description": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.",
+ "id": "CVE-2019-13126",
+ "published": "2019-07-29T17:15:11+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-03-03T19:13:24+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26521"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/107"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-h2fg-54x9-5qhq"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/9ff8bcde2e46009e98bd9e88f598af355f62c168"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26521"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0402"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).",
+ "id": "CVE-2020-26521",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26892"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26892"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0380"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 798
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.",
+ "id": "CVE-2020-26892",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:46+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/2"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-28466"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731/commits/2e3c22672936f4980d343fb1d328b38919e74796"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28466"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.",
+ "id": "CVE-2020-28466",
+ "published": "2021-03-07T10:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2021-03-25T00:21:15+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-29652"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html"
+ },
+ {
+ "url": "https://go-review.googlesource.com/c/crypto/+/278852"
+ },
+ {
+ "url": "https://go.dev/cl/278852"
+ },
+ {
+ "url": "https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2020-29652.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-1796.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0227"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.",
+ "id": "CVE-2020-29652",
+ "published": "2020-12-17T05:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20201216223049-8b5274cf687f",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:21:32+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-28831"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-28831"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"
+ },
+ {
+ "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202105-09"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6335-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
+ "id": "CVE-2021-28831",
+ "published": "2021-03-19T05:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r4; Upgrade ssl_client to version 1.32.1-r4",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:32:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-30139"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.",
+ "id": "CVE-2021-30139",
+ "published": "2021-04-21T16:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.5-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2021-04-22T18:21:47+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3127"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3127"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.",
+ "id": "CVE-2021-3127",
+ "published": "2021-03-16T20:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-07-12T17:42:04+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-33194"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-33194"
+ },
+ {
+ "url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://go.dev/cl/311090"
+ },
+ {
+ "url": "https://go.dev/issue/46288"
+ },
+ {
+ "url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0238"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.",
+ "id": "CVE-2021-33194",
+ "published": "2021-05-26T15:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20210520170846-37e1c6afe023",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:35:49+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3449"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3449"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/38083"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3449.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-4891-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5038-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4875"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-10"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).",
+ "id": "CVE-2021-3449",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4.3,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3450"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3450"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3450.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 295
+ ],
+ "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",
+ "id": "CVE-2021-3450",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-36159"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-36159"
+ },
+ {
+ "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36159"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
+ "id": "CVE-2021-36159",
+ "published": "2021-08-03T14:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.1,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.1,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.4,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.6-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:36:43+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3711"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3711"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 120
+ ],
+ "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
+ "id": "CVE-2021-3711",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3712"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3712"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3712.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9023.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-3"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5088-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
+ "id": "CVE-2021-3712",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-38561"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561"
+ },
+ {
+ "url": "https://deps.dev/advisory/OSV/GO-2021-0113"
+ },
+ {
+ "url": "https://go.dev/cl/340830"
+ },
+ {
+ "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
+ },
+ {
+ "url": "https://pkg.go.dev/golang.org/x/text/language"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5873-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.",
+ "id": "CVE-2021-38561",
+ "published": "2022-12-26T06:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/text to version 0.3.7",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-01-05T04:52:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42374"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42374"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42374"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that",
+ "id": "CVE-2021-42374",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 3.3,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.7,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42375"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42375"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 159
+ ],
+ "description": "An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
+ "id": "CVE-2021-42375",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 1.9,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 4.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42378"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42378"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42378"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function",
+ "id": "CVE-2021-42378",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42379"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42379"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42379"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function",
+ "id": "CVE-2021-42379",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42380"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42380"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42380"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function",
+ "id": "CVE-2021-42380",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42381"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42381"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42381"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function",
+ "id": "CVE-2021-42381",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42382"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42382"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42382"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function",
+ "id": "CVE-2021-42382",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42383"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42383"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42383"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42383",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42384"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42384"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
+ "id": "CVE-2021-42384",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42385"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42385"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42385",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42386"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42386"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42386"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function",
+ "id": "CVE-2021-42386",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-43565"
+ },
+ {
+ "url": "https://go.dev/cl/368814"
+ },
+ {
+ "url": "https://go.dev/issues/49932"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/forum/#%21forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0968"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
+ "id": "CVE-2021-43565",
+ "published": "2022-09-06T18:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:39:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:5326"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-0778"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-0778"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2062202"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2022-5326.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:4899"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-0778.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213255"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213256"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213257"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5103"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220315.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-07"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
+ "id": "CVE-2022-0778",
+ "published": "2022-03-15T17:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1n-r0; Upgrade libssl1.1 to version 1.1.1n-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:41:33+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:6224"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-2097"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-2097"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087911"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087913"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2104905"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100554"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-6224.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:5818"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-2097.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9751.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5502-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5343"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220705.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 327
+ ],
+ "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
+ "id": "CVE-2022-2097",
+ "published": "2022-07-05T11:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1q-r0; Upgrade libssl1.1 to version 1.1.1q-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:46:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-24450"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2022-24450.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-24450"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-g6w6-r76c-28j7"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24450"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 862
+ ],
+ "description": "NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the \"dynamically provisioned sandbox accounts\" feature.",
+ "id": "CVE-2022-24450",
+ "published": "2022-02-08T02:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.8,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-08-08T14:22:24+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/10/1"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2022-26652.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-26652"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/2917"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.4"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-streaming-server/releases/tag/v0.24.3"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26652"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 22
+ ],
+ "description": "NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.",
+ "id": "CVE-2022-26652",
+ "published": "2022-03-10T17:47:51+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 6.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.4",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-03-18T01:44:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8008"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-27191"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-27191"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/1939485"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/1989564"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/1989570"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/1989575"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2064702"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2121445"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2121453"
+ },
+ {
+ "url": "https://cs.opensource.google/go/x/crypto"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-8008.html"
+ },
+ {
+ "url": "https://go.dev/cl/392355"
+ },
+ {
+ "url": "https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-27191.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-8008.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0356"
+ },
+ {
+ "url": "https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
+ "id": "CVE-2022-27191",
+ "published": "2022-03-18T07:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4.3,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20220314234659-1baeb1ce4c0b",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:45:17+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:2357"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-27664"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-27664"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2107371"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2107374"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2107383"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2107386"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2107388"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2113814"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2124669"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2132868"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2132872"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2161274"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913333"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913338"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107371"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107374"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107383"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107386"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107388"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124669"
+ },
+ {
+ "url": "https://cs.opensource.google/go/x/net"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-2357.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:7129"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/54658"
+ },
+ {
+ "url": "https://go.dev/cl/428735"
+ },
+ {
+ "url": "https://go.dev/issue/54658"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-27664.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-0121.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27664"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0969"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-26"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220923-0004"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6038-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6038-2"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
+ "id": "CVE-2022-27664",
+ "published": "2022-09-06T18:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20220906165146-f3363e06e74c",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:45:22+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-28391"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-28391"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391"
+ },
+ {
+ "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch"
+ },
+ {
+ "url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28391"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.",
+ "id": "CVE-2022-28391",
+ "published": "2022-04-03T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r8; Upgrade ssl_client to version 1.32.1-r8",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2022-08-11T18:44:50+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-29526"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-29526"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526"
+ },
+ {
+ "url": "https://github.com/golang/go"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/52313"
+ },
+ {
+ "url": "https://go.dev/cl/399539"
+ },
+ {
+ "url": "https://go.dev/cl/400074"
+ },
+ {
+ "url": "https://go.dev/issue/52313"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-29526.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-5337.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29526"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0493"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202208-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220729-0001"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220729-0001/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6038-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6038-2"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210421221651-33663a62ff08",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421221651-33663a62ff08",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887",
+ "versions": [
+ {
+ "version": "v0.0.0-20210426230700-d19ff857e887",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 269
+ ],
+ "description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.",
+ "id": "CVE-2022-29526",
+ "published": "2022-06-23T17:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.2,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/sys to version 0.0.0-20220412211240-33da011f77ad",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:46:03+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-30065"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-30065"
+ },
+ {
+ "url": "https://bugs.busybox.net/show_bug.cgi?id=14781"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30065"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.",
+ "id": "CVE-2022-30065",
+ "published": "2022-05-18T15:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.2,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r9; Upgrade ssl_client to version 1.32.1-r9",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-02-11T17:44:54+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-32149"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-32149"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/56152"
+ },
+ {
+ "url": "https://github.com/golang/text"
+ },
+ {
+ "url": "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c"
+ },
+ {
+ "url": "https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8)"
+ },
+ {
+ "url": "https://go.dev/cl/442235"
+ },
+ {
+ "url": "https://go.dev/issue/56152"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-dev/c/qfPIly0X7aU"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32149"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-1059"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5873-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 772
+ ],
+ "description": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.",
+ "id": "CVE-2022-32149",
+ "published": "2022-10-14T15:15:34+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/text to version 0.3.8",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-10-18T17:41:31+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/Oct/37"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/Oct/38"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/Oct/41"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/Oct/42"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/08/05/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/08/09/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8291"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-37434"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-37434"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2116639"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053198"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077431"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081296"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116639"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-8291.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:8291"
+ },
+ {
+ "url": "https://github.com/curl/curl/issues/9271"
+ },
+ {
+ "url": "https://github.com/ivd38/zlib_overflow"
+ },
+ {
+ "url": "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063"
+ },
+ {
+ "url": "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1"
+ },
+ {
+ "url": "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-37434.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-1095.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220901-0005/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213488"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213489"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213490"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213491"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213493"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213494"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5570-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5570-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5573-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5218"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.2.11-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
+ "id": "CVE-2022-37434",
+ "published": "2022-08-05T07:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"
+ }
+ ],
+ "recommendation": "Upgrade zlib to version 1.2.12-r2",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-07-19T00:56:46+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6474"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-41723"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-41723"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2174485"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178358"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178488"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178492"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184481"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184482"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184483"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184484"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196026"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196027"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196029"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2222167"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2228689"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6474.html"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
+ },
+ {
+ "url": "https://go.dev/cl/468135"
+ },
+ {
+ "url": "https://go.dev/cl/468295"
+ },
+ {
+ "url": "https://go.dev/issue/57855"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-41723.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1571"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202311-09"
+ },
+ {
+ "url": "https://vuln.go.dev/ID/GO-2023-1571.json"
+ },
+ {
+ "url": "https://www.couchbase.com/alerts"
+ },
+ {
+ "url": "https://www.couchbase.com/alerts/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
+ "id": "CVE-2022-41723",
+ "published": "2023-02-28T18:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.7.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-25T11:15:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "golang.org/x/net"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6077"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-39325"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
+ },
+ {
+ "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-39325"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2243296"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6077.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2023:6077"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]"
+ },
+ {
+ "url": "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/63417"
+ },
+ {
+ "url": "https://go.dev/cl/534215"
+ },
+ {
+ "url": "https://go.dev/cl/534235"
+ },
+ {
+ "url": "https://go.dev/issue/63417"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-39325.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-5867.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-2102"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202311-09"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231110-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6574-1"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 770
+ ],
+ "description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.",
+ "id": "CVE-2023-39325",
+ "published": "2023-10-11T22:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-03-10T04:15:05+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6474"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-3978"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-3978"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2174485"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178358"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178488"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178492"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184481"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184482"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184483"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184484"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196026"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196027"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196029"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2222167"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2228689"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6474.html"
+ },
+ {
+ "url": "https://go.dev/cl/514896"
+ },
+ {
+ "url": "https://go.dev/issue/61615"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-3978.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1988"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 79
+ ],
+ "description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.",
+ "id": "CVE-2023-3978",
+ "published": "2023-08-02T20:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.13.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T04:20:03+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6746"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2023-44487"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-44487"
+ },
+ {
+ "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011"
+ },
+ {
+ "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
+ },
+ {
+ "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack"
+ },
+ {
+ "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
+ },
+ {
+ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack"
+ },
+ {
+ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
+ },
+ {
+ "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty"
+ },
+ {
+ "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
+ },
+ {
+ "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
+ },
+ {
+ "url": "https://blog.vespa.ai/cve-2023-44487"
+ },
+ {
+ "url": "https://blog.vespa.ai/cve-2023-44487/"
+ },
+ {
+ "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2242803"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
+ },
+ {
+ "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
+ },
+ {
+ "url": "https://chaos.social/@icing/111210915918780532"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
+ },
+ {
+ "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
+ },
+ {
+ "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487"
+ },
+ {
+ "url": "https://devblogs.microsoft.com/dotnet/october-2023-updates/"
+ },
+ {
+ "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
+ },
+ {
+ "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6746.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2023:5838"
+ },
+ {
+ "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
+ },
+ {
+ "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
+ },
+ {
+ "url": "https://github.com/Azure/AKS/issues/3947"
+ },
+ {
+ "url": "https://github.com/Kong/kong/discussions/11741"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
+ },
+ {
+ "url": "https://github.com/akka/akka-http/issues/4323"
+ },
+ {
+ "url": "https://github.com/alibaba/tengine/issues/1872"
+ },
+ {
+ "url": "https://github.com/apache/apisix/issues/10320"
+ },
+ {
+ "url": "https://github.com/apache/httpd-site/pull/10"
+ },
+ {
+ "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
+ },
+ {
+ "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
+ },
+ {
+ "url": "https://github.com/apache/trafficserver/pull/10564"
+ },
+ {
+ "url": "https://github.com/apple/swift-nio-http2"
+ },
+ {
+ "url": "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3"
+ },
+ {
+ "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
+ },
+ {
+ "url": "https://github.com/bcdannyboy/CVE-2023-44487"
+ },
+ {
+ "url": "https://github.com/caddyserver/caddy/issues/5877"
+ },
+ {
+ "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
+ },
+ {
+ "url": "https://github.com/dotnet/announcements/issues/277"
+ },
+ {
+ "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
+ },
+ {
+ "url": "https://github.com/eclipse/jetty.project/issues/10679"
+ },
+ {
+ "url": "https://github.com/envoyproxy/envoy/pull/30055"
+ },
+ {
+ "url": "https://github.com/etcd-io/etcd/issues/16740"
+ },
+ {
+ "url": "https://github.com/facebook/proxygen/pull/466"
+ },
+ {
+ "url": "https://github.com/golang/go/issues/63417"
+ },
+ {
+ "url": "https://github.com/grpc/grpc-go/pull/6703"
+ },
+ {
+ "url": "https://github.com/grpc/grpc-go/releases"
+ },
+ {
+ "url": "https://github.com/h2o/h2o/pull/3291"
+ },
+ {
+ "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
+ },
+ {
+ "url": "https://github.com/haproxy/haproxy/issues/2312"
+ },
+ {
+ "url": "https://github.com/hyperium/hyper/issues/3337"
+ },
+ {
+ "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
+ },
+ {
+ "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
+ },
+ {
+ "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
+ },
+ {
+ "url": "https://github.com/kazu-yamamoto/http2/issues/93"
+ },
+ {
+ "url": "https://github.com/kubernetes/kubernetes/pull/121120"
+ },
+ {
+ "url": "https://github.com/line/armeria/pull/5232"
+ },
+ {
+ "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
+ },
+ {
+ "url": "https://github.com/micrictor/http2-rst-stream"
+ },
+ {
+ "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
+ },
+ {
+ "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
+ },
+ {
+ "url": "https://github.com/nghttp2/nghttp2/pull/1961"
+ },
+ {
+ "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
+ },
+ {
+ "url": "https://github.com/ninenines/cowboy/issues/1615"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/50121"
+ },
+ {
+ "url": "https://github.com/openresty/openresty/issues/930"
+ },
+ {
+ "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
+ },
+ {
+ "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
+ },
+ {
+ "url": "https://github.com/projectcontour/contour/pull/5826"
+ },
+ {
+ "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
+ },
+ {
+ "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
+ },
+ {
+ "url": "https://go.dev/cl/534215"
+ },
+ {
+ "url": "https://go.dev/cl/534235"
+ },
+ {
+ "url": "https://go.dev/issue/63417"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
+ },
+ {
+ "url": "https://istio.io/latest/news/security/istio-security-2023-004"
+ },
+ {
+ "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
+ },
+ {
+ "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487"
+ },
+ {
+ "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-44487.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-7205.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4"
+ },
+ {
+ "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
+ },
+ {
+ "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
+ },
+ {
+ "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
+ },
+ {
+ "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2"
+ },
+ {
+ "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
+ },
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
+ },
+ {
+ "url": "https://my.f5.com/manage/s/article/K000137106"
+ },
+ {
+ "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37830987"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37830998"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37831062"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=37837043"
+ },
+ {
+ "url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
+ },
+ {
+ "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response"
+ },
+ {
+ "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-2102"
+ },
+ {
+ "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202311-09"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231016-0001"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
+ },
+ {
+ "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94"
+ },
+ {
+ "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81"
+ },
+ {
+ "url": "https://ubuntu.com/security/CVE-2023-44487"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6427-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6427-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6438-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6505-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6574-1"
+ },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records"
+ },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
+ },
+ {
+ "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5521"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5522"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5540"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5549"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5558"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5570"
+ },
+ {
+ "url": "https://www.eclipse.org/lists/jetty-announce/msg00181.html"
+ },
+ {
+ "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
+ },
+ {
+ "url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"
+ },
+ {
+ "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487"
+ },
+ {
+ "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
+ },
+ {
+ "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products"
+ },
+ {
+ "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
+ },
+ {
+ "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
+ },
+ {
+ "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday"
+ },
+ {
+ "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 400
+ ],
+ "description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
+ "id": "CVE-2023-44487",
+ "published": "2023-10-10T14:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-02-02T15:40:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/30/1"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/secnote-2023-01.txt"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-47090"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/fa5b7afcb64e7e887e49afdd032358802b5c4478"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/discussions/4535"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/4605"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.10.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.9.23"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47090"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/10/13/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 863
+ ],
+ "description": "NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.",
+ "id": "CVE-2023-47090",
+ "published": "2023-10-30T17:15:52+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.9.23, 2.10.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-08T00:15:54+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1150"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-48795"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2023-48795"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack"
+ },
+ {
+ "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
+ },
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-48795"
+ },
+ {
+ "url": "https://bugs.gentoo.org/920280"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2254210"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
+ },
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
+ },
+ {
+ "url": "https://crates.io/crates/thrussh/versions"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2024-1150.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2024:0628"
+ },
+ {
+ "url": "https://filezilla-project.org/versions.php"
+ },
+ {
+ "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
+ },
+ {
+ "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
+ },
+ {
+ "url": "https://github.com/NixOS/nixpkgs/pull/275249"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
+ },
+ {
+ "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
+ },
+ {
+ "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
+ },
+ {
+ "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
+ },
+ {
+ "url": "https://github.com/apache/mina-sshd/issues/445"
+ },
+ {
+ "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
+ },
+ {
+ "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
+ },
+ {
+ "url": "https://github.com/cyd01/KiTTY/issues/520"
+ },
+ {
+ "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
+ },
+ {
+ "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
+ },
+ {
+ "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
+ },
+ {
+ "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
+ },
+ {
+ "url": "https://github.com/hierynomus/sshj/issues/916"
+ },
+ {
+ "url": "https://github.com/janmojzis/tinyssh/issues/81"
+ },
+ {
+ "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
+ },
+ {
+ "url": "https://github.com/libssh2/libssh2/pull/1291"
+ },
+ {
+ "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
+ },
+ {
+ "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/issues/457"
+ },
+ {
+ "url": "https://github.com/mwiede/jsch/pull/461"
+ },
+ {
+ "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
+ },
+ {
+ "url": "https://github.com/openssh/openssh-portable/commits/master"
+ },
+ {
+ "url": "https://github.com/paramiko/paramiko/issues/2337"
+ },
+ {
+ "url": "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
+ },
+ {
+ "url": "https://github.com/proftpd/proftpd/issues/456"
+ },
+ {
+ "url": "https://github.com/rapier1/hpn-ssh/releases"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55"
+ },
+ {
+ "url": "https://github.com/ronf/asyncssh/tags"
+ },
+ {
+ "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
+ },
+ {
+ "url": "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8"
+ },
+ {
+ "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
+ },
+ {
+ "url": "https://go.dev/cl/550715"
+ },
+ {
+ "url": "https://go.dev/issue/64784"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
+ },
+ {
+ "url": "https://help.panic.com/releasenotes/transmit5"
+ },
+ {
+ "url": "https://help.panic.com/releasenotes/transmit5/"
+ },
+ {
+ "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795"
+ },
+ {
+ "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-48795.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2024-12233.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
+ },
+ {
+ "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
+ },
+ {
+ "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38684904"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38685286"
+ },
+ {
+ "url": "https://news.ycombinator.com/item?id=38732005"
+ },
+ {
+ "url": "https://nova.app/releases/#v11.8"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
+ },
+ {
+ "url": "https://oryx-embedded.com/download/#changelog"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
+ },
+ {
+ "url": "https://roumenpetrov.info/secsh/#news20231220"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-16"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202312-17"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240105-0004"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT214084"
+ },
+ {
+ "url": "https://terrapin-attack.com/"
+ },
+ {
+ "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway"
+ },
+ {
+ "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
+ },
+ {
+ "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
+ },
+ {
+ "url": "https://ubuntu.com/security/CVE-2023-48795"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6560-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6560-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6561-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6585-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6589-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6598-1"
+ },
+ {
+ "url": "https://winscp.net/eng/docs/history#6.2.2"
+ },
+ {
+ "url": "https://www.bitvise.com/ssh-client-version-history#933"
+ },
+ {
+ "url": "https://www.bitvise.com/ssh-server-version-history"
+ },
+ {
+ "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
+ },
+ {
+ "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5586"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5588"
+ },
+ {
+ "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
+ },
+ {
+ "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
+ },
+ {
+ "url": "https://www.netsarang.com/en/xshell-update-history"
+ },
+ {
+ "url": "https://www.netsarang.com/en/xshell-update-history/"
+ },
+ {
+ "url": "https://www.openssh.com/openbsd.html"
+ },
+ {
+ "url": "https://www.openssh.com/txt/release-9.6"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/18/3"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
+ },
+ {
+ "url": "https://www.paramiko.org/changelog.html"
+ },
+ {
+ "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed"
+ },
+ {
+ "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
+ },
+ {
+ "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795"
+ },
+ {
+ "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
+ },
+ {
+ "url": "https://www.terrapin-attack.com"
+ },
+ {
+ "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
+ },
+ {
+ "url": "https://www.vandyke.com/products/securecrt/history.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 354
+ ],
+ "description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
+ "id": "CVE-2023-48795",
+ "published": "2023-12-18T16:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.17.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-03-13T21:15:54+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-2c64-vj8g-vwrq"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-2c64-vj8g-vwrq"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt )\n\n## Problem Description\n\nNATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled.\n\nThe NATS accounts system has expiration timestamps on credentials; the \u003chttps://github.com/nats-io/jwt\u003e library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API.\n\nA new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it.\n\nThe CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n * fixed after nats-io/jwt PR 103 landed (2020-10-06)\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n + 2.0.0 through and including 2.1.8 are vulnerable.\n * fixed with nats-io/nats-server PRs 1632, 1635, 1645\n\n\n## Impact\n\nTime-based credential expiry did not work.\n\n\n## Workaround\n\nHave credentials which only expire after fixes can be deployed.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.",
+ "id": "GHSA-2c64-vj8g-vwrq",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ }
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-62mh-w5cv-p88c"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-62mh-w5cv-p88c"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "(This advisory is canonically \u003chttps://advisories.nats.io/CVE/CVE-2021-3127.txt\u003e)\n\n## Problem Description\n\nThe NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the\nrelevant subjects, and some Exports are private, such that the Import requires a token JWT to prove permission.\n\nThe JWT library's validation of the bindings in the Import Token incorrectly warned on mismatches, instead of outright rejecting the token.\n\nAs a result, any account can take an Import token used by any other account and re-use it for themselves because the binding to the\nimporting account is not rejected, and use it to import *any* Subject from the Exporting account, not just the Subject referenced in the Import Token.\n\nThe NATS account-server system treats account JWTs as semi-public information, such that an attacker can easily enumerate all account JWTs and retrieve all Import Tokens from those account JWTs.\n\nThe CVE identifier should cover the JWT library repair and the nats-server containing the fixed JWT library, and any other application depending upon the fixed JWT library.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 2.0.1\n * fixed after nats-io/jwt#149 landed (2021-03-14)\n\n#### NATS Server\n\n * Version 2 prior to 2.2.0\n + 2.0.0 through and including 2.1.9 are vulnerable\n * fixed with nats-io/nats-server@423b79440c (2021-03-14)\n\n\n## Impact\n\nIn deployments with untrusted accounts able to update the Account Server with imports, a malicious account can access any Subject from an account which provides Exported Subjects.\n\nAbuse of this facility requires the malicious actor to upload their tampered Account JWT to the Account Server, providing the service operator with a data-store which can be scanned for signs of abuse.\n\n\n## Workaround\n\nDeny access to clients to update their account JWT in the account server.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts (with private Exports; Account owners can create those at any time though).\n\nAudit all accounts JWTs to scan for exploit attempts; a Python script to audit the accounts can be found at \u003chttps://gist.github.com/philpennock/09d49524ad98043ff11d8a40c2bb0d5a\u003e.",
+ "id": "GHSA-62mh-w5cv-p88c",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "severity": "critical"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 2.0.1",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ }
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://github.com/advisories/GHSA-gwj5-3vfq-q992"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-gwj5-3vfq-q992"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "(This advisory is canonically \u003chttps://advisories.nats.io/CVE/CVE-2020-28466.txt\u003e)\n\n## Problem Description\n\nAn export/import cycle between accounts could crash the nats-server, after consuming CPU and memory.\n\nThis issue was fixed publicly in \u003chttps://github.com/nats-io/nats-server/pull/1731\u003e in November 2020.\n\nThe need to call this out as a security issue was highlighted by `snyk.io` and we are grateful for their assistance in doing so.\n\nOrganizations which run a NATS service providing access to accounts run by untrusted third parties are affected.\nSee below for an important caveat if running such a service.\n\n\n## Affected versions\n\n#### NATS Server\n\n * Version 2 prior to 2.2.0\n + 2.0.0 through and including 2.1.9 are vulnerable.\n * fixed with nats-io/nats-server PR 1731, commit 2e3c226729\n\n\n## Impact\n\nThe nats-server could be killed, after consuming resources.\n\n\n## Workaround\n\nThe import cycle requires at least two accounts to work; if you have open account sign-up, then restricting new account sign-up might hinder an attacker.\n\n\n## Solution\n\nUpgrade the nats-server.\n\n\n## Caveat on NATS with untrusted users\n\nRunning a NATS service which is exposed to untrusted users presents a heightened risk.\n\nAny remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers.\n\nFixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention.\n\nThose who are running such services are encouraged to build regularly from git.",
+ "id": "GHSA-gwj5-3vfq-q992",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "low",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ }
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-hmm9-r2m2-qg9w"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/107"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-hmm9-r2m2-qg9w"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26521"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "(This advisory is canonically \u003chttps://advisories.nats.io/CVE/CVE-2020-26521.txt\u003e)\n\n## Problem Description\n\nThe NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should be able to safely issue Accounts to other entities which it does not fully trust.\n\nA malicious Account could create and sign a User JWT with a state not created by the normal tooling, such that decoding by the NATS JWT library (written in Go) would attempt a nil dereference, aborting execution.\n\nThe NATS Server is known to be impacted by this.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n\n\n## Impact\n\n#### JWT library\n\n * Programs would nil dereference and panic, aborting execution by default.\n\n#### NATS server\n\n * Denial of Service caused by process termination\n\n\n## Workaround\n\nIf your NATS servers do not trust any accounts which are managed by untrusted entities, then malformed User credentials are unlikely to be encountered.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.",
+ "id": "GHSA-hmm9-r2m2-qg9w",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ }
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-j756-f273-xhp4"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-j756-f273-xhp4"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "(This advisory is canonically \u003chttps://advisories.nats.io/CVE/CVE-2021-3127.txt\u003e)\n\n## Problem Description\n\nThe NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the relevant subjects, and some Exports are private, such that the Import requires a token JWT to prove permission.\n\nThe JWT library's validation of the bindings in the Import Token incorrectly warned on mismatches, instead of outright rejecting the token.\n\nAs a result, any account can take an Import token used by any other account and re-use it for themselves because the binding to the importing account is not rejected, and use it to import *any* Subject from the Exporting account, not just the Subject referenced in the Import Token.\n\nThe NATS account-server system treats account JWTs as semi-public information, such that an attacker can easily enumerate all account JWTs and retrieve all Import Tokens from those account JWTs.\n\nThe CVE identifier should cover the JWT library repair and the nats-server containing the fixed JWT library, and any other application depending upon the fixed JWT library.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 2.0.1\n * fixed after nats-io/jwt#149 landed (2021-03-14)\n\n#### NATS Server\n\n * Version 2 prior to 2.2.0\n + 2.0.0 through and including 2.1.9 are vulnerable\n * fixed with nats-io/nats-server@423b79440c (2021-03-14)\n\n\n## Impact\n\nIn deployments with untrusted accounts able to update the Account Server with imports, a malicious account can access any Subject from an account which provides Exported Subjects.\n\nAbuse of this facility requires the malicious actor to upload their tampered Account JWT to the Account Server, providing the service operator with a data-store which can be scanned for signs of abuse.\n\n\n## Workaround\n\nDeny access to clients to update their account JWT in the account server.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts (with private Exports; Account owners can create those at any time though).\n\nAudit all accounts JWTs to scan for exploit attempts; a Python script to audit the accounts can be found at \u003chttps://gist.github.com/philpennock/09d49524ad98043ff11d8a40c2bb0d5a\u003e.",
+ "id": "GHSA-j756-f273-xhp4",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ }
+ }
+ ]
+}
diff --git a/test/diff/vulnerability/cdx-1-5-vulnerabilities-base.bom.json b/test/diff/vulnerability/cdx-1-5-vulnerabilities-base.bom.json
new file mode 100644
index 00000000..51160ba0
--- /dev/null
+++ b/test/diff/vulnerability/cdx-1-5-vulnerabilities-base.bom.json
@@ -0,0 +1,4143 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:xxxx",
+ "version": 1,
+ "metadata": {
+ "component": {
+ "type": "container",
+ "bom-ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box",
+ "name": "nats-io/nats-box",
+ "purl": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box"
+ }
+ },
+ "vulnerabilities": [
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2018-25032"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8420"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2018-25032"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2067945"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.2.11-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
+ "id": "CVE-2018-25032",
+ "published": "2022-03-25T09:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ },
+ {
+ "source": {
+ "name": "ruby-advisory-db"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade zlib to version 1.2.12-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T02:56:26+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2019-13126"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/07ef71ff98f45f8c2711be4aeaf484610d891dda"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1053"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1441"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 190
+ ],
+ "description": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.",
+ "id": "CVE-2019-13126",
+ "published": "2019-07-29T17:15:11+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-03-03T19:13:24+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26521"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).",
+ "id": "CVE-2020-26521",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26892"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26892"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0380"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 798
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.",
+ "id": "CVE-2020-26892",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:46+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-28466"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731/commits/2e3c22672936f4980d343fb1d328b38919e74796"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28466"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.",
+ "id": "CVE-2020-28466",
+ "published": "2021-03-07T10:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2021-03-25T00:21:15+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-29652"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html"
+ },
+ {
+ "url": "https://go-review.googlesource.com/c/crypto/+/278852"
+ },
+ {
+ "url": "https://go.dev/cl/278852"
+ },
+ {
+ "url": "https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2020-29652.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-1796.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0227"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.",
+ "id": "CVE-2020-29652",
+ "published": "2020-12-17T05:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20201216223049-8b5274cf687f",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:21:32+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-28831"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-28831"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"
+ },
+ {
+ "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202105-09"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6335-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
+ "id": "CVE-2021-28831",
+ "published": "2021-03-19T05:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r4; Upgrade ssl_client to version 1.32.1-r4",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:32:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-30139"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.",
+ "id": "CVE-2021-30139",
+ "published": "2021-04-21T16:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.5-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2021-04-22T18:21:47+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3127"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3127"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.",
+ "id": "CVE-2021-3127",
+ "published": "2021-03-16T20:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-07-12T17:42:04+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-33194"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-33194"
+ },
+ {
+ "url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://go.dev/cl/311090"
+ },
+ {
+ "url": "https://go.dev/issue/46288"
+ },
+ {
+ "url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0238"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.",
+ "id": "CVE-2021-33194",
+ "published": "2021-05-26T15:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20210520170846-37e1c6afe023",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:35:49+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3449"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3449"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/38083"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3449.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-4891-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5038-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4875"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-10"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).",
+ "id": "CVE-2021-3449",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4.3,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3450"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3450"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3450.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 295
+ ],
+ "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",
+ "id": "CVE-2021-3450",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-36159"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-36159"
+ },
+ {
+ "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36159"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
+ "id": "CVE-2021-36159",
+ "published": "2021-08-03T14:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.4,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.1,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.1,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.6-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:36:43+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3711"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3711"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 120
+ ],
+ "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
+ "id": "CVE-2021-3711",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3712"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3712"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3712.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9023.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-3"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5088-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
+ "id": "CVE-2021-3712",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-38561"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561"
+ },
+ {
+ "url": "https://deps.dev/advisory/OSV/GO-2021-0113"
+ },
+ {
+ "url": "https://go.dev/cl/340830"
+ },
+ {
+ "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
+ },
+ {
+ "url": "https://pkg.go.dev/golang.org/x/text/language"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5873-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.",
+ "id": "CVE-2021-38561",
+ "published": "2022-12-26T06:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/text to version 0.3.7",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-01-05T04:52:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42374"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42374"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42374"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that",
+ "id": "CVE-2021-42374",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 3.3,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.7,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42375"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42375"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 159
+ ],
+ "description": "An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
+ "id": "CVE-2021-42375",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 1.9,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 4.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42378"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42378"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42378"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function",
+ "id": "CVE-2021-42378",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42379"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42379"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42379"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function",
+ "id": "CVE-2021-42379",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42380"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42380"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42380"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function",
+ "id": "CVE-2021-42380",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42381"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42381"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42381"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function",
+ "id": "CVE-2021-42381",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42382"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42382"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42382"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function",
+ "id": "CVE-2021-42382",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42383"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42383"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42383"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42383",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42384"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42384"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
+ "id": "CVE-2021-42384",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42385"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42385"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42385",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42386"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42386"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42386"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function",
+ "id": "CVE-2021-42386",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-43565"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
+ },
+ {
+ "url": "https://go.dev/cl/368814"
+ },
+ {
+ "url": "https://go.dev/issues/49932"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/forum/#%21forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0968"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
+ "id": "CVE-2021-43565",
+ "published": "2022-09-06T18:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:39:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-0778"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:5326"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-0778"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2062202"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2022-5326.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:4899"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-0778.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213255"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213256"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213257"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5103"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220315.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-07"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
+ "id": "CVE-2022-0778",
+ "published": "2022-03-15T17:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1n-r0; Upgrade libssl1.1 to version 1.1.1n-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:41:33+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-2097"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:6224"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-2097"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087911"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087913"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2104905"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100554"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-6224.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:5818"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-2097.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9751.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5502-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5343"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220705.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 327
+ ],
+ "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
+ "id": "CVE-2022-2097",
+ "published": "2022-07-05T11:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1q-r0; Upgrade libssl1.1 to version 1.1.1q-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:46:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-24450"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-24450"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2022-24450.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-g6w6-r76c-28j7"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24450"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 862
+ ],
+ "description": "NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the \"dynamically provisioned sandbox accounts\" feature.",
+ "id": "CVE-2022-24450",
+ "published": "2022-02-08T02:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.8,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-08-08T14:22:24+00:00"
+ }
+ ]
+}
diff --git a/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-add-1.bom.json b/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-add-1.bom.json
new file mode 100644
index 00000000..c431d881
--- /dev/null
+++ b/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-add-1.bom.json
@@ -0,0 +1,4295 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:xxxx",
+ "version": 1,
+ "metadata": {
+ "component": {
+ "type": "container",
+ "bom-ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box",
+ "name": "nats-io/nats-box",
+ "purl": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box"
+ }
+ },
+ "vulnerabilities": [
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2018-25032"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8420"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2018-25032"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2067945"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.2.11-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
+ "id": "CVE-2018-25032",
+ "published": "2022-03-25T09:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ },
+ {
+ "source": {
+ "name": "ruby-advisory-db"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade zlib to version 1.2.12-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T02:56:26+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2019-13126"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/07ef71ff98f45f8c2711be4aeaf484610d891dda"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1053"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1441"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 190
+ ],
+ "description": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.",
+ "id": "CVE-2019-13126",
+ "published": "2019-07-29T17:15:11+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-03-03T19:13:24+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26521"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).",
+ "id": "CVE-2020-26521",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26892"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26892"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0380"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 798
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.",
+ "id": "CVE-2020-26892",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:46+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-28466"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731/commits/2e3c22672936f4980d343fb1d328b38919e74796"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28466"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.",
+ "id": "CVE-2020-28466",
+ "published": "2021-03-07T10:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2021-03-25T00:21:15+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-29652"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html"
+ },
+ {
+ "url": "https://go-review.googlesource.com/c/crypto/+/278852"
+ },
+ {
+ "url": "https://go.dev/cl/278852"
+ },
+ {
+ "url": "https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2020-29652.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-1796.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0227"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.",
+ "id": "CVE-2020-29652",
+ "published": "2020-12-17T05:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20201216223049-8b5274cf687f",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:21:32+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-28831"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-28831"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"
+ },
+ {
+ "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202105-09"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6335-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
+ "id": "CVE-2021-28831",
+ "published": "2021-03-19T05:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r4; Upgrade ssl_client to version 1.32.1-r4",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:32:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-30139"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.",
+ "id": "CVE-2021-30139",
+ "published": "2021-04-21T16:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.5-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2021-04-22T18:21:47+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3127"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3127"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.",
+ "id": "CVE-2021-3127",
+ "published": "2021-03-16T20:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-07-12T17:42:04+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-33194"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-33194"
+ },
+ {
+ "url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://go.dev/cl/311090"
+ },
+ {
+ "url": "https://go.dev/issue/46288"
+ },
+ {
+ "url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0238"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.",
+ "id": "CVE-2021-33194",
+ "published": "2021-05-26T15:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20210520170846-37e1c6afe023",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:35:49+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3449"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3449"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/38083"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3449.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-4891-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5038-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4875"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-10"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).",
+ "id": "CVE-2021-3449",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4.3,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3450"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3450"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3450.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 295
+ ],
+ "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",
+ "id": "CVE-2021-3450",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-36159"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-36159"
+ },
+ {
+ "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36159"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
+ "id": "CVE-2021-36159",
+ "published": "2021-08-03T14:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.4,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.1,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.1,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.6-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:36:43+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3711"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3711"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 120
+ ],
+ "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
+ "id": "CVE-2021-3711",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3712"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3712"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3712.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9023.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-3"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5088-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
+ "id": "CVE-2021-3712",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-38561"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561"
+ },
+ {
+ "url": "https://deps.dev/advisory/OSV/GO-2021-0113"
+ },
+ {
+ "url": "https://go.dev/cl/340830"
+ },
+ {
+ "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
+ },
+ {
+ "url": "https://pkg.go.dev/golang.org/x/text/language"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5873-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.",
+ "id": "CVE-2021-38561",
+ "published": "2022-12-26T06:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/text to version 0.3.7",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-01-05T04:52:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42374"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42374"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42374"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that",
+ "id": "CVE-2021-42374",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 3.3,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.7,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42375"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42375"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 159
+ ],
+ "description": "An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
+ "id": "CVE-2021-42375",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 1.9,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 4.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2023-3978"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6474"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-3978"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2174485"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178358"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178488"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2178492"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184481"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184482"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184483"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2184484"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196026"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196027"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2196029"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2222167"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2228689"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2023-6474.html"
+ },
+ {
+ "url": "https://go.dev/cl/514896"
+ },
+ {
+ "url": "https://go.dev/issue/61615"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2023-3978.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2023-6939.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3978"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2023-1988"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 79
+ ],
+ "description": "DIFF: ADD: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.",
+ "id": "CVE-2023-3978",
+ "published": "2023-08-02T20:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.13.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2024-04-14T04:20:03+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42378"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42378"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42378"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function",
+ "id": "CVE-2021-42378",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42379"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42379"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42379"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function",
+ "id": "CVE-2021-42379",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42380"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42380"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42380"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function",
+ "id": "CVE-2021-42380",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42381"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42381"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42381"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function",
+ "id": "CVE-2021-42381",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42382"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42382"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42382"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function",
+ "id": "CVE-2021-42382",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42383"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42383"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42383"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42383",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42384"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42384"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
+ "id": "CVE-2021-42384",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42385"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42385"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42385",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42386"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42386"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42386"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function",
+ "id": "CVE-2021-42386",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-43565"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
+ },
+ {
+ "url": "https://go.dev/cl/368814"
+ },
+ {
+ "url": "https://go.dev/issues/49932"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/forum/#%21forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0968"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
+ "id": "CVE-2021-43565",
+ "published": "2022-09-06T18:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:39:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-0778"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:5326"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-0778"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2062202"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2022-5326.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:4899"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-0778.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213255"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213256"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213257"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5103"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220315.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-07"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
+ "id": "CVE-2022-0778",
+ "published": "2022-03-15T17:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1n-r0; Upgrade libssl1.1 to version 1.1.1n-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:41:33+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-2097"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:6224"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-2097"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087911"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087913"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2104905"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100554"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-6224.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:5818"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-2097.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9751.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5502-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5343"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220705.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 327
+ ],
+ "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
+ "id": "CVE-2022-2097",
+ "published": "2022-07-05T11:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1q-r0; Upgrade libssl1.1 to version 1.1.1q-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:46:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-24450"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-24450"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2022-24450.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-g6w6-r76c-28j7"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24450"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 862
+ ],
+ "description": "NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the \"dynamically provisioned sandbox accounts\" feature.",
+ "id": "CVE-2022-24450",
+ "published": "2022-02-08T02:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.8,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-08-08T14:22:24+00:00"
+ }
+ ]
+}
diff --git a/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-remove-1.bom.json b/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-remove-1.bom.json
new file mode 100644
index 00000000..6fdea565
--- /dev/null
+++ b/test/diff/vulnerability/cdx-1-5-vulnerabilities-delta-remove-1.bom.json
@@ -0,0 +1,4033 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "serialNumber": "urn:uuid:xxxx",
+ "version": 1,
+ "metadata": {
+ "component": {
+ "type": "container",
+ "bom-ref": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box",
+ "name": "nats-io/nats-box",
+ "purl": "pkg:oci/nats-box@sha256%3Acaf0c9fe15a9a88d001c74fd9d80f7f6fd57474aa243cd63a9a086eda9e202be?arch=amd64&repository_url=index.docker.io%2Fnats-io%2Fnats-box"
+ }
+ },
+ "vulnerabilities": [
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2018-25032"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:8420"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2018-25032"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2067945"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/zlib@1.2.11-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.2.11-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 787
+ ],
+ "description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
+ "id": "CVE-2018-25032",
+ "published": "2022-03-25T09:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"
+ },
+ {
+ "source": {
+ "name": "ruby-advisory-db"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade zlib to version 1.2.12-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T02:56:26+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2019-13126"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/07ef71ff98f45f8c2711be4aeaf484610d891dda"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1053"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1441"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126"
+ },
+ {
+ "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 190
+ ],
+ "description": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.",
+ "id": "CVE-2019-13126",
+ "published": "2019-07-29T17:15:11+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-03-03T19:13:24+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26521"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2020/11/02/2"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26521.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).",
+ "id": "CVE-2020-26521",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-26892"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2020-26892.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commits/master"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26892"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0380"
+ },
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2020/11/02/2"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 798
+ ],
+ "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.",
+ "id": "CVE-2020-26892",
+ "published": "2020-11-06T08:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.1.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:20:46+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-28466"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/16/2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/pull/1731/commits/2e3c22672936f4980d343fb1d328b38919e74796"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28466"
+ },
+ {
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or denial-of-service by unauthenticated users, will lead to prompt releases by the NATS maintainers. Fixes for denial of service issues with no threat of remote execution, when limited to account holders, are likely to just be committed to the main development branch with no special attention. Those who are running such services are encouraged to build regularly from git.",
+ "id": "CVE-2020-28466",
+ "published": "2021-03-07T10:15:12+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2021-03-25T00:21:15+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2020-29652"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2020-29652"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2021-1796.html"
+ },
+ {
+ "url": "https://go-review.googlesource.com/c/crypto/+/278852"
+ },
+ {
+ "url": "https://go.dev/cl/278852"
+ },
+ {
+ "url": "https://go.googlesource.com/crypto/+/8b5274cf687fd9316b4108863654cc57385531e8"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2020-29652.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-1796.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff%40%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29652"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0227"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.",
+ "id": "CVE-2020-29652",
+ "published": "2020-12-17T05:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20201216223049-8b5274cf687f",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:21:32+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-28831"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-28831"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"
+ },
+ {
+ "url": "https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28831"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202105-09"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6335-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.",
+ "id": "CVE-2021-28831",
+ "published": "2021-03-19T05:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r4; Upgrade ssl_client to version 1.32.1-r4",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:32:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-30139"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10741"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/12606"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash.",
+ "id": "CVE-2021-30139",
+ "published": "2021-04-21T16:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.5-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2021-04-22T18:21:47+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3127"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3127"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2021-3127.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt"
+ },
+ {
+ "url": "https://github.com/nats-io/jwt/pull/149/commits/a826c77dc9d2671c961b75ceefdb439c41029866"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/commit/423b79440c80c863de9f4e20548504e6c5d5e403"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3127"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "3cafed8d-2194-4bd3-bdf6-9f8b02673b33",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "7dd812e2-3f88-4d35-ba39-4c74700b2cfb",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "e192291f-a90f-4cc4-ad6d-0379a45256cd",
+ "versions": [
+ {
+ "version": "v0.3.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.1.0",
+ "versions": [
+ {
+ "version": "v1.1.0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/jwt@v1.2.2",
+ "versions": [
+ {
+ "version": "v1.2.2",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 755
+ ],
+ "description": "NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.",
+ "id": "CVE-2021-3127",
+ "published": "2021-03-16T20:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/jwt to version 1.2.3-0.20210314221642-a826c77dc9d2; Upgrade github.com/nats-io/nats-server/v2 to version 2.2.0",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2022-07-12T17:42:04+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-33194"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-33194"
+ },
+ {
+ "url": "https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://go.dev/cl/311090"
+ },
+ {
+ "url": "https://go.dev/issue/46288"
+ },
+ {
+ "url": "https://go.googlesource.com/net/+/37e1c6afe02340126705deced573a85ab75209d7"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/wPunbCPkWUg"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33194"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0238"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/golang.org/x/net@v0.0.0-20210428140749-89ef3d95e781",
+ "versions": [
+ {
+ "version": "v0.0.0-20210428140749-89ef3d95e781",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.",
+ "id": "CVE-2021-33194",
+ "published": "2021-05-26T15:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/net to version 0.0.0-20210520170846-37e1c6afe023",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:35:49+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3449"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3449"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://github.com/nodejs/node/pull/38083"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3449.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3449"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0055.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-4891-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5038-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4875"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-10"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 476
+ ],
+ "description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).",
+ "id": "CVE-2021-3449",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 4.3,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.9,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.9,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3450"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3450"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10356"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3450.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2021-9151.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP"
+ },
+ {
+ "url": "https://mta.openssl.org/pipermail/openssl-announce/2021-March/000198.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3450"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0056.html"
+ },
+ {
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202103-03"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
+ },
+ {
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210325.txt"
+ },
+ {
+ "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-05"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 295
+ ],
+ "description": "The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a \"purpose\" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named \"purpose\" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).",
+ "id": "CVE-2021-3450",
+ "published": "2021-03-25T15:15:13+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1k-r0; Upgrade libssl1.1 to version 1.1.1k-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:00+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-36159"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-36159"
+ },
+ {
+ "url": "https://github.com/freebsd/freebsd-src/commits/main/lib/libfetch"
+ },
+ {
+ "url": "https://gitlab.alpinelinux.org/alpine/apk-tools/-/issues/10749"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cdev.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3Cusers.kafka.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36159"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-36159"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/apk-tools@2.12.1-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "2.12.1-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
+ "id": "CVE-2021-36159",
+ "published": "2021-08-03T14:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.4,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.1,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.1,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade apk-tools to version 2.12.6-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:36:43+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3711"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3711"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3711"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0097.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211022-0003/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 120
+ ],
+ "description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).",
+ "id": "CVE-2021-3711",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9.8,
+ "severity": "critical",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "critical"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 9.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-3712"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
+ },
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-3712"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
+ },
+ {
+ "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2021-3712.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9023.html"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3712"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2021-0098.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202209-02"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-3"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5088-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
+ },
+ {
+ "url": "https://www.debian.org/security/2021/dsa-4963"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20210824.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2021-16"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-02"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
+ "id": "CVE-2021-3712",
+ "published": "2021-08-24T15:15:09+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.8,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.4,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.4,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1l-r0; Upgrade libssl1.1 to version 1.1.1l-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:38:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-38561"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-38561"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561"
+ },
+ {
+ "url": "https://deps.dev/advisory/OSV/GO-2021-0113"
+ },
+ {
+ "url": "https://go.dev/cl/340830"
+ },
+ {
+ "url": "https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
+ },
+ {
+ "url": "https://pkg.go.dev/golang.org/x/text/language"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2021-0113"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5873-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "869288c8-06d2-4a38-8b68-ced0ff17bc77",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "99b7b900-55f8-4676-8c8f-32262681845b",
+ "versions": [
+ {
+ "version": "v0.3.6",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack.",
+ "id": "CVE-2021-38561",
+ "published": "2022-12-26T06:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/text to version 0.3.7",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-01-05T04:52:36+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42374"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42374"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42374"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 125
+ ],
+ "description": "An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that",
+ "id": "CVE-2021-42374",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 3.3,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.7,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42375"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42375"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42375"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 159
+ ],
+ "description": "An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.",
+ "id": "CVE-2021-42375",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 1.9,
+ "severity": "info",
+ "method": "CVSSv2",
+ "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 4.1,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:09+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42378"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42378"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42378"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function",
+ "id": "CVE-2021-42378",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42379"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42379"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42379"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function",
+ "id": "CVE-2021-42379",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42380"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42380"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42380"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function",
+ "id": "CVE-2021-42380",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42382"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42382"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42382"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function",
+ "id": "CVE-2021-42382",
+ "published": "2021-11-15T21:15:07+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42383"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42383"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42383"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42383",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42384"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42384"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42384"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function",
+ "id": "CVE-2021-42384",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42385"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42385"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42385"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function",
+ "id": "CVE-2021-42385",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-42386"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-42386"
+ },
+ {
+ "url": "https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"
+ },
+ {
+ "url": "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42386"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20211223-0002/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5179-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/busybox@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/ssl_client@1.32.1-r3?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.32.1-r3",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 416
+ ],
+ "description": "A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function",
+ "id": "CVE-2021-42386",
+ "published": "2021-11-15T21:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 6.5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.2,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 6.6,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "low"
+ }
+ ],
+ "recommendation": "Upgrade busybox to version 1.32.1-r7; Upgrade ssl_client to version 1.32.1-r7",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:39:10+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2021-43565"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2021-43565"
+ },
+ {
+ "url": "https://go.dev/cl/368814"
+ },
+ {
+ "url": "https://go.dev/issues/49932"
+ },
+ {
+ "url": "https://groups.google.com/forum/#!forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/forum/#%21forum/golang-announce"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/2AR1sKiM-Qs"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43565"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0968"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "64ecbd63-f74a-4fcc-a240-3f8a16435789",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "718081db-83c2-4309-87c8-e43228139b88",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "84eac386-ca89-4217-8a72-84d77e3bd144",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "c6ba0fd6-a390-4fcf-aaec-4a072dcd17c4",
+ "versions": [
+ {
+ "version": "v0.0.0-20200622213623-75b288015ac9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "ce164c60-ee4f-4360-a85f-73106cf59f6c",
+ "versions": [
+ {
+ "version": "v0.0.0-20210421170649-83a5a9bb288b",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20200323165209-0ec3e9974c59",
+ "versions": [
+ {
+ "version": "v0.0.0-20200323165209-0ec3e9974c59",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "description": "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.",
+ "id": "CVE-2021-43565",
+ "published": "2022-09-06T18:15:10+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ }
+ ],
+ "recommendation": "Upgrade golang.org/x/crypto to version 0.0.0-20211202192323-5770296d904e",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-11-07T03:39:23+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-0778"
+ },
+ {
+ "url": "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/33"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/35"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2022/May/38"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:5326"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-0778"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2062202"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062202"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"
+ },
+ {
+ "url": "https://errata.almalinux.org/8/ALSA-2022-5326.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:4899"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-0778.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9272.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778"
+ },
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0014.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220321-0002/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220429-0005/"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213255"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213256"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213257"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5328-2"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
+ },
+ {
+ "url": "https://www.debian.org/security/2022/dsa-5103"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220315.txt"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-06"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-07"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-08"
+ },
+ {
+ "url": "https://www.tenable.com/security/tns-2022-09"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 835
+ ],
+ "description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
+ "id": "CVE-2022-0778",
+ "published": "2022-03-15T17:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "low"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "high"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "high"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1n-r0; Upgrade libssl1.1 to version 1.1.1n-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:41:33+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-2097"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2022:6224"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-2097"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087911"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2087913"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/2104905"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081494"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097310"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100554"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2104905"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068"
+ },
+ {
+ "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097"
+ },
+ {
+ "url": "https://errata.almalinux.org/9/ALSA-2022-6224.html"
+ },
+ {
+ "url": "https://errata.rockylinux.org/RLSA-2022:5818"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431"
+ },
+ {
+ "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93"
+ },
+ {
+ "url": "https://github.com/alexcrichton/openssl-src-rs"
+ },
+ {
+ "url": "https://linux.oracle.com/cve/CVE-2022-2097.html"
+ },
+ {
+ "url": "https://linux.oracle.com/errata/ELSA-2022-9751.html"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097"
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2022-0032.html"
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202210-02"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20220715-0011/"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20230420-0008/"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-5502-1"
+ },
+ {
+ "url": "https://ubuntu.com/security/notices/USN-6457-1"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5343"
+ },
+ {
+ "url": "https://www.openssl.org/news/secadv/20220705.txt"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:apk/alpine/libcrypto1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:apk/alpine/libssl1.1@1.1.1j-r0?arch=x86_64\u0026distro=3.13.2",
+ "versions": [
+ {
+ "version": "1.1.1j-r0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 327
+ ],
+ "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
+ "id": "CVE-2022-2097",
+ "published": "2022-07-05T11:15:08+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "alma"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "amazon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "cbl-mariner"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 7.5,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5,
+ "severity": "medium",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "oracle-oval"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "photon"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 5.3,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+ },
+ {
+ "source": {
+ "name": "rocky"
+ },
+ "severity": "medium"
+ },
+ {
+ "source": {
+ "name": "ubuntu"
+ },
+ "severity": "medium"
+ }
+ ],
+ "recommendation": "Upgrade libcrypto1.1 to version 1.1.1q-r0; Upgrade libssl1.1 to version 1.1.1q-r0",
+ "source": {
+ "name": "alpine",
+ "url": "https://secdb.alpinelinux.org/"
+ },
+ "updated": "2023-11-07T03:46:13+00:00"
+ },
+ {
+ "advisories": [
+ {
+ "url": "https://avd.aquasec.com/nvd/cve-2022-24450"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2022-24450"
+ },
+ {
+ "url": "https://advisories.nats.io/CVE/CVE-2022-24450.txt"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/releases/tag/v2.7.2"
+ },
+ {
+ "url": "https://github.com/nats-io/nats-server/security/advisories/GHSA-g6w6-r76c-28j7"
+ },
+ {
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24450"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
+ }
+ ],
+ "affects": [
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.1.9",
+ "versions": [
+ {
+ "version": "v2.1.9",
+ "status": "affected"
+ }
+ ]
+ },
+ {
+ "ref": "pkg:golang/github.com/nats-io/nats-server/v2@v2.2.2",
+ "versions": [
+ {
+ "version": "v2.2.2",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "cwes": [
+ 862
+ ],
+ "description": "NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the \"dynamically provisioned sandbox accounts\" feature.",
+ "id": "CVE-2022-24450",
+ "published": "2022-02-08T02:15:06+00:00",
+ "ratings": [
+ {
+ "source": {
+ "name": "bitnami"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "ghsa"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 9,
+ "severity": "high",
+ "method": "CVSSv2",
+ "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"
+ },
+ {
+ "source": {
+ "name": "nvd"
+ },
+ "score": 8.8,
+ "severity": "high",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ },
+ {
+ "source": {
+ "name": "redhat"
+ },
+ "score": 8.8,
+ "severity": "medium",
+ "method": "CVSSv31",
+ "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "recommendation": "Upgrade github.com/nats-io/nats-server/v2 to version 2.7.2",
+ "source": {
+ "name": "ghsa",
+ "url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago"
+ },
+ "updated": "2023-08-08T14:22:24+00:00"
+ }
+ ]
+}
diff --git a/test/normalize/cdx-1-2-components-protonmail.bom.json b/test/normalize/cdx-1-2-components-protonmail.bom.json
new file mode 100644
index 00000000..789f2430
--- /dev/null
+++ b/test/normalize/cdx-1-2-components-protonmail.bom.json
@@ -0,0 +1,30703 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.2",
+ "serialNumber": "urn:uuid:371ffb8c-c11e-42b5-b5b9-9280fc62783e",
+ "version": 1,
+ "metadata": {
+ "timestamp": "2020-08-03T08:53:09.834Z",
+ "tools": [
+ {
+ "vendor": "CycloneDX",
+ "name": "Node.js module",
+ "version": "2.0.0"
+ }
+ ],
+ "component": {
+ "type": "library",
+ "bom-ref": "pkg:npm/protonmail-web@4.0.0-beta.20",
+ "name": "protonmail-web",
+ "version": "4.0.0-beta.20",
+ "description": "Angular frontend for protonmail.com",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/protonmail-web@4.0.0-beta.20",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/WebClient#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/WebClient/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ProtonMail/WebClient.git"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/polyfill@7.10.4",
+ "group": "@babel",
+ "name": "polyfill",
+ "version": "7.10.4",
+ "description": "Provides polyfills necessary for a full ES2015+ environment",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f0161c9d5a90e64303d875e81c89c11fb1f56ffb8fdca767c026173aa1675ea82e3b2baee38dd65eeb1b2146d611f6376744f1934335b86ffc62e00c84d97ace"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/polyfill@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/core-js@2.6.11",
+ "name": "core-js",
+ "version": "2.6.11",
+ "description": "Standard library",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e708e7a5a4ffddd57e5c1e1ba2b12c9c06107219f4d174a04c058a0e412abfe2bc29ebe36f39a87caea17c9f536489698f6374c50a5acf2ecf891422587ab35a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/core-js@2.6.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zloirock/core-js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zloirock/core-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zloirock/core-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regenerator-runtime@0.13.6",
+ "name": "regenerator-runtime",
+ "version": "0.13.6",
+ "description": "Runtime for Regenerator-compiled generator and async functions.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1a6c251a26b34046cec1058375b6da3f5d22d79a46b5271858b6cc66ebbe44a473d1c67e83c21438d6b3067699a9eee3d7aef4215d47804e3ff22cbb0903dfe1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regenerator-runtime@0.13.6",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/facebook/regenerator/tree/master/packages/regenerator-runtime"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular@1.8.0",
+ "name": "angular",
+ "version": "1.8.0",
+ "description": "HTML enhanced for web apps",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "55d68cc7e424d129256bb079830efb6bc87395c39a93017c9a3956d770e921620395fab001b4922df77c37fa999f3126405e230b88a87c89ddde013bbcbf1966"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular-aria@1.8.0",
+ "name": "angular-aria",
+ "version": "1.8.0",
+ "description": "AngularJS module for making accessibility easy",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "782408e84c2063a6d81ddcc851f0c00479d98e86776cd6290ac9dc7901786cb7dbab542d67bada44f35c6b8e6c8fa0bd3df8dd7ba3cd7040efb8ba3314f627ad"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-aria@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular-cookies@1.8.0",
+ "name": "angular-cookies",
+ "version": "1.8.0",
+ "description": "AngularJS module for cookies",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8163b744a17458c99786c7a2377030f5a126437981e77c12740c6978a2876e20f053bbe62be301b9e6f2397f6a6f0658b9b9f99ccf0b0726559a0ed3ea3395d7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-cookies@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-gettext@2.4.1",
+ "name": "angular-gettext",
+ "version": "2.4.1",
+ "description": "Gettext support for Angular.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f816ba998e613dd91aebcaf12ee5e4ec708315e892e842071532a04d3d2d4d5b606a9ea035d2739b275bf0d8aab396b295ff14dc1efe9b5113ce9a44feab602b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-gettext@2.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angular-gettext.rocketeer.be/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/rubenv/angular-gettext/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/rubenv/angular-gettext.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-ical@1.1.0",
+ "name": "angular-ical",
+ "version": "1.1.0",
+ "description": "angular-ical is an Angular factory wrapper for ical.js (https://github.com/mozilla-comm/ical.js)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b3a34e889d547181f09d415a7b577a0708a63f1c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-ical@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stevemao/angular-ical#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stevemao/angular-ical/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stevemao/angular-ical.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular-loader@1.8.0",
+ "name": "angular-loader",
+ "version": "1.8.0",
+ "description": "AngularJS module for asynchronously loading modules",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "342bcb2c55829312d1dffcc169518cfbbabd209ce86f1d8f5573273e82a3b40213a4ce808671f949816417370ad6843a3fa736bf4a0b79fea88a3ee64848f433"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-loader@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular-messages@1.8.0",
+ "name": "angular-messages",
+ "version": "1.8.0",
+ "description": "AngularJS module that provides enhanced support for displaying messages within templates",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2d29724eff34cb5be0f027ddcfe449d01aeb69692ad2ab0e647cab1c54fc3726160b9ca9e8741a6ef66f4e92aff5803eea8d39c30014f74a971d2ae752549f94"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-messages@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-notify@2.5.0",
+ "name": "angular-notify",
+ "version": "2.5.0",
+ "description": "A minimalistic notification service for angular.",
+ "purl": "pkg:npm/angular-notify@2.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cgross/angular-notify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cgross/angular-notify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cgross/angular-notify.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/angular-sanitize@1.8.0",
+ "name": "angular-sanitize",
+ "version": "1.8.0",
+ "description": "AngularJS module for sanitizing HTML",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8f91a238f0af7dc0d62b9b2f10e5683dbd755f7503572fe67473d15aecb5e08cb0f3ac5aabe05bfb1fde9b6b0039ae4c410798e5c88b5db177451a7c88229c36"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-sanitize@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angularjs.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular/angular.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular/angular.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-ui-codemirror@0.3.0",
+ "name": "angular-ui-codemirror",
+ "version": "0.3.0",
+ "description": "This directive allows you to add CodeMirror to your textarea elements.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e4286fc50f393f2a6e697c1bf3170424e12cbb60"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-ui-codemirror@0.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angular-ui.github.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular-ui/ui-codemirror/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular-ui/ui-codemirror.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-ui-indeterminate@1.0.0",
+ "name": "angular-ui-indeterminate",
+ "version": "1.0.0",
+ "description": "Provides an easy way to toggle a checkbox input's special 'indeterminate' property. This is a visual toggle only and in no way affects the model or value outside of native browser behavior at this time.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "51784a60eb80aee8251e9fc9ec30fbe105125514"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-ui-indeterminate@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/angular-ui/ui-indeterminate"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular-ui/ui-indeterminate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular-ui/ui-indeterminate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-ui-router@0.4.3",
+ "name": "angular-ui-router",
+ "version": "0.4.3",
+ "description": "State-based routing for AngularJS",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "106046ec6ec0ac556424f33e64880f2ae318b93d7a510aebdf38f70448971cac31b2cf3aedb1addeeed00fd83807147e2b6a903925a893a246be04d65c0928dc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-ui-router@0.4.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angular-ui.github.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/angular-ui/ui-router/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/angular-ui/ui-router.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-vs-repeat@2.0.13",
+ "name": "angular-vs-repeat",
+ "version": "2.0.13",
+ "description": "Virtual Scroll for AngularJS ngRepeat directive",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "25bd033ade23539ff1671ef08cabe0649b6001a300e1914bab969e40753c536219cfc8b158fd0c2fa805590d7279f31aa6f8392d5f997c0f3565e78dfcdb49ec"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-vs-repeat@2.0.13",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://kamilkp.github.io/angular-vs-repeat"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kamilkp/angular-vs-repeat/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kamilkp/angular-vs-repeat.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/asmcrypto.js@2.3.2",
+ "name": "asmcrypto.js",
+ "version": "2.3.2",
+ "description": "Asm.js implementation of WebCrypto API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dc58050117fb46ea6c6444d0d671e784b514be972db5c0aad6264269501b2596c267954d46b372be90f21d339bd0a0b796515cb32393fdaf7d3597026de884b0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/asmcrypto.js@2.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/asmcrypto/asmcrypto.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/asmcrypto/asmcrypto.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/asmcrypto/asmcrypto.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/autofill-event@1.0.0",
+ "name": "autofill-event",
+ "version": "1.0.0",
+ "description": "[](https://travis-ci.org/tbosch/autofill-event) # Autofill event polyfill",
+ "purl": "pkg:npm/autofill-event@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tbosch/autofill-event#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tbosch/autofill-event/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tbosch/autofill-event.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/awesomplete@1.1.1",
+ "name": "awesomplete",
+ "version": "1.1.1",
+ "description": "http://leaverou.github.io/awesomplete/",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/awesomplete@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://leaverou.github.io/awesomplete/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/LeaVerou/awesomplete/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/LeaVerou/awesomplete.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/bcryptjs@2.4.3",
+ "name": "bcryptjs",
+ "version": "2.4.3",
+ "description": "Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to 'bcrypt'.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9ab5627b93e60621ff7cdac5da9733027df1d0cb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/bcryptjs@2.4.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dcodeIO/bcrypt.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dcodeIO/bcrypt.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/dcodeIO/bcrypt.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/blob.js@1.0.1",
+ "name": "blob.js",
+ "version": "1.0.1",
+ "description": "An HTML5 Blob implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "547b449b252c855313e837b53d15b41d000ea1d2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/blob.js@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ecomputer/Blob.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ecomputer/Blob.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ecomputer/Blob.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/clipboard@2.0.6",
+ "name": "clipboard",
+ "version": "2.0.6",
+ "description": "Modern copy to clipboard. No Flash. Just 2kb",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "839cdb8a2c41464ff0c8a6a44b008a77bbd05c38c59c03061e8132068806fdbc3d9130fd1af740bdaa1147500b704cedde954ac59474a5589e90f3084b44321a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/clipboard@2.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zenorocha/clipboard.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zenorocha/clipboard.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zenorocha/clipboard.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/good-listener@1.2.2",
+ "name": "good-listener",
+ "version": "1.2.2",
+ "description": "A more versatile way of adding & removing event listeners",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d53b30cdf9313dffb7dc9a0d477096aa6d145c50"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/good-listener@1.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zenorocha/good-listener#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zenorocha/good-listener/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zenorocha/good-listener.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/delegate@3.2.0",
+ "name": "delegate",
+ "version": "3.2.0",
+ "description": "Lightweight event delegation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2287e39180596998af9f457c9e7b0c24606be2354bc470e178a496f3c3f2c52e500b8568f596d956f873952c58f3b7d5ab749347aafee1c19ea721e47163904b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/delegate@3.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zenorocha/delegate#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zenorocha/delegate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zenorocha/delegate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/select@1.1.2",
+ "name": "select",
+ "version": "1.1.2",
+ "description": "Programmatically select the text of a HTML element",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0e7350acdec80b1108528786ec1d4418d11b396d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/select@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zenorocha/select#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zenorocha/select/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zenorocha/select.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tiny-emitter@2.1.0",
+ "name": "tiny-emitter",
+ "version": "2.1.0",
+ "description": "A tiny (less than 1k) event emitter library",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "341e8393503dc6040f3281aa0b90955e7d76de05b2b5edb5e4e353e4fa796b4cade27944a0ed5959e0b0a6771a7a43c75ceeb48b8ee28459d93e244f8d132ae1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tiny-emitter@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/scottcorgan/tiny-emitter#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/scottcorgan/tiny-emitter/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/scottcorgan/tiny-emitter.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/codemirror@5.56.0",
+ "name": "codemirror",
+ "version": "5.56.0",
+ "description": "Full-featured in-browser code editor",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "31f2959988227d78d0a4b4a0a444ee8a1ec0ed64d322cc6f29f48b1ac793639faab74135503d706e564633a58b7a7391a3cb2099ffb75fe5937b6585ee6b9fcb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/codemirror@5.56.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://codemirror.net"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/codemirror/CodeMirror/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/codemirror/CodeMirror.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/components-font-awesome@4.7.0",
+ "name": "components-font-awesome",
+ "version": "4.7.0",
+ "description": "Font Awesome, the iconic font designed for use with Twitter Bootstrap.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a7550094b6e2cb5cd7dce49c405771c533e9cfe1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "id": "OFL-1.1"
+ }
+ }
+ ],
+ "purl": "pkg:npm/components-font-awesome@4.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/components/font-awesome#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/components/font-awesome/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/components/font-awesome.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/credit-card-type@8.3.0",
+ "name": "credit-card-type",
+ "version": "8.3.0",
+ "description": "A library for determining credit card type",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7337d952943b5bd083c592f8c852dbd6416d33fab6953398f7be612f668ef830bcf8644d0d54975421d78551593f18942a640265b14ff2f221c71e5305069387"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/credit-card-type@8.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/braintree/credit-card-type"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/braintree/credit-card-type/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/braintree/credit-card-type.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cssuseragent@2.1.31",
+ "name": "cssuseragent",
+ "version": "2.1.31",
+ "description": "Automatically adds UserAgent-specific CSS classes to the document allowing for browser variations without resorting to CSS hacks.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bbb6e5695e5a5f1b80c898af933a87087b30ba3e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cssuseragent@2.1.31",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://cssuseragent.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mckamey/cssuseragent/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mckamey/cssuseragent.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/declassify@2.1.0",
+ "name": "declassify",
+ "version": "2.1.0",
+ "description": "Remove any classes or IDs not found in CSS from HTML - modifies HTML, not CSS.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "09e1a46088cf009a5b73dbe06f75390cf7dc74b6018eb5f1944e44391b3b0a8a447845b650632d843efbc854e26e16fa4a42392a215e915934bd1d0b609d98fe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/declassify@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jrit/declassify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jrit/declassify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jrit/declassify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cheerio@0.22.0",
+ "name": "cheerio",
+ "version": "0.22.0",
+ "description": "Tiny, fast, and elegant implementation of core jQuery designed specifically for the server",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a9baa860a3f9b595a6b81b1a86873121ed3a269e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cheerio@0.22.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cheeriojs/cheerio#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cheeriojs/cheerio/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cheeriojs/cheerio.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/css-select@1.2.0",
+ "name": "css-select",
+ "version": "1.2.0",
+ "description": "a CSS selector compiler/engine",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2b3a110539c5355f1cd8d314623e870b121ec858"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-like"
+ }
+ }
+ ],
+ "purl": "pkg:npm/css-select@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/css-select#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/css-select/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/css-select.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/boolbase@1.0.0",
+ "name": "boolbase",
+ "version": "1.0.0",
+ "description": "two functions: One that returns true, one that returns false",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "68dff5fbe60c51eb37725ea9e3ed310dcc1e776e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/boolbase@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/boolbase"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/boolbase/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/fb55/boolbase.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/css-what@2.1.3",
+ "name": "css-what",
+ "version": "2.1.3",
+ "description": "a CSS selector parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6be10fa03fae66235f87ee5fc70da73bd43015aea725ed8eaf7e5f198e88a70d51dd1e001b3d5dd53119ac27a0bf0d984e66748d78ab198973c71a58487c2912"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/css-what@2.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/css-what#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/css-what/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/fb55/css-what.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domutils@1.5.1",
+ "name": "domutils",
+ "version": "1.5.1",
+ "description": "utilities for working with htmlparser2's dom",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "dcd8488a26f563d61079e48c9f7b7e32373682cf"
+ }
+ ],
+ "purl": "pkg:npm/domutils@1.5.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/FB55/domutils#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/FB55/domutils/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/FB55/domutils.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dom-serializer@0.1.1",
+ "name": "dom-serializer",
+ "version": "0.1.1",
+ "description": "render dom nodes to string",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "974214d293f32d648705c89e65ba4e2a09089f7b6cdef021ed9b85c9737027125793f7381b08fdc5a4c9c080d54025dac160f4a9bdc8ccc187e6b82541a3b45c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dom-serializer@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cheeriojs/dom-renderer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cheeriojs/dom-renderer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cheeriojs/dom-renderer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domelementtype@1.3.1",
+ "name": "domelementtype",
+ "version": "1.3.1",
+ "description": "all the types of nodes in htmlparser2's dom",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "052281f934a9329148fc73b108daf53bc68c39367c853de9337190d30fe65919a48440d2149924cb3cf85d0b01578e010a1c0692b0df3328d50f4780d9a155df"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domelementtype@1.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/domelementtype#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/domelementtype/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/domelementtype.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/entities@1.1.2",
+ "name": "entities",
+ "version": "1.1.2",
+ "description": "Encode & decode XML/HTML entities with ease",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7f62d9318975173bbb61204a83e46844e7a5a4e68dadc1a613d019b9b7837eb08489ae3cde85b8308e15c8577954d1c8810ffbaa6d48d305072b57899e7db2db"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/entities@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/entities#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/entities/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/entities.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/nth-check@1.0.2",
+ "name": "nth-check",
+ "version": "1.0.2",
+ "description": "performant nth-check parser & compiler",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "59e04e763bbc4a7ccf379bd3509631614c4b797a426953f98b97b42c5f1f83b58e445d9677bc055ffa64d2d61993bb3c4fe27b54bcb40dae89d7ec024f402d1e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/nth-check@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/nth-check"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/nth-check/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/fb55/nth-check.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/htmlparser2@3.10.1",
+ "name": "htmlparser2",
+ "version": "3.10.1",
+ "description": "Fast & forgiving HTML/XML/RSS parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "22089e3628d431b903a2fca828e6d4d435219b58b035813f7ee89f1281077ddd6864a64368e3414a46a5ed8d35b21c6c338f51e1768c7467b3dd69c5f547e209"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/htmlparser2@3.10.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/htmlparser2#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/fb55/htmlparser2/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/htmlparser2.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domhandler@2.4.2",
+ "name": "domhandler",
+ "version": "2.4.2",
+ "description": "handler for htmlparser2 that turns pages into a dom",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2622b4e21d07b79bbff347dd2cc084995e3390d87605ca0c141999ffdd56b5867ca955d22a38b0edf5cc8053e71dc49980ea375dd8a71ef9a70d478c7f9478c0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domhandler@2.4.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/DomHandler#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/DomHandler/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/DomHandler.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/inherits@2.0.4",
+ "name": "inherits",
+ "version": "2.0.4",
+ "description": "Browser-friendly inheritance fully compatible with standard node.js inherits()",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "93fbc6697e3f6256b75b3c8c0af4d039761e207bea38ab67a8176ecd31e9ce9419cc0b2428c859d8af849c189233dcc64a820578ca572b16b8758799210a9ec1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/inherits@2.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/inherits#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/inherits/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/inherits.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/readable-stream@3.6.0",
+ "name": "readable-stream",
+ "version": "3.6.0",
+ "description": "Streams3, a user-land copy of the stream library from Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "055887cbb2ca793cf8a0d9e470b27e95548beafa6215e5fafddde8487f33096ed4c4fda89dc864faf4c6075e37c6e1631d2ddd7938242a85d7ca65eaca688874"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/readable-stream@3.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodejs/readable-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodejs/readable-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/nodejs/readable-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string_decoder@1.3.0",
+ "name": "string_decoder",
+ "version": "1.3.0",
+ "description": "The string_decoder module from Node core",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "864457f14d568c915df0bb03276c90ff0596c5aa2912c0015355df90cf00fa3d3ef392401a9a6dd7a72bd56860e8a21b6f8a2453a32a97a04e8febaea7fc0a78"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string_decoder@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodejs/string_decoder"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodejs/string_decoder/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/nodejs/string_decoder.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/safe-buffer@5.2.1",
+ "name": "safe-buffer",
+ "version": "5.2.1",
+ "description": "Safer Node.js Buffer API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ae9dd2a34eca71d9a629b1af81a37141226bedb1954959394bd12ad45fa9a5b468ef4f9879a0f1930e4377c34f37e183e9b8e7626d95b8fb825e6a6e62f9825d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/safe-buffer@5.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/feross/safe-buffer"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/feross/safe-buffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/feross/safe-buffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/util-deprecate@1.0.2",
+ "name": "util-deprecate",
+ "version": "1.0.2",
+ "description": "The Node.js `util.deprecate()` function with browser support",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "450d4dc9fa70de732762fbd2d4a28981419a0ccf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/util-deprecate@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/TooTallNate/util-deprecate"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/TooTallNate/util-deprecate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/TooTallNate/util-deprecate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.assignin@4.2.0",
+ "name": "lodash.assignin",
+ "version": "4.2.0",
+ "description": "The lodash method `_.assignIn` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ba8df5fb841eb0a3e8044232b0e263a8dc6a28a2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.assignin@4.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.bind@4.2.1",
+ "name": "lodash.bind",
+ "version": "4.2.1",
+ "description": "The lodash method `_.bind` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7ae3017e939622ac31b7d7d7dcb1b34db1690d35"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.bind@4.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.defaults@4.2.0",
+ "name": "lodash.defaults",
+ "version": "4.2.0",
+ "description": "The lodash method `_.defaults` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d09178716ffea4dde9e5fb7b37f6f0802274580c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.defaults@4.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.filter@4.6.0",
+ "name": "lodash.filter",
+ "version": "4.6.0",
+ "description": "The lodash method `_.filter` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "668b1d4981603ae1cc5a6fa760143e480b4c4ace"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.filter@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.flatten@4.4.0",
+ "name": "lodash.flatten",
+ "version": "4.4.0",
+ "description": "The lodash method `_.flatten` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f31c22225a9632d2bbf8e4addbef240aa765a61f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.flatten@4.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.foreach@4.5.0",
+ "name": "lodash.foreach",
+ "version": "4.5.0",
+ "description": "The lodash method `_.forEach` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1a6a35eace401280c7f06dddec35165ab27e3e53"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.foreach@4.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.map@4.6.0",
+ "name": "lodash.map",
+ "version": "4.6.0",
+ "description": "The lodash method `_.map` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "771ec7839e3473d9c4cde28b19394c3562f4f6d3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.map@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.merge@4.6.2",
+ "name": "lodash.merge",
+ "version": "4.6.2",
+ "description": "The Lodash method `_.merge` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d0aa63a97455beb6320ac5f5b3047f5d32b4bdae9542440ce8c368ecfa96efb0728c086801103c11facfd4de3e2a52a3f184b46540ad453fd852e872603ba321"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.merge@4.6.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.pick@4.4.0",
+ "name": "lodash.pick",
+ "version": "4.4.0",
+ "description": "The lodash method `_.pick` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "52f05610fff9ded422611441ed1fc123a03001b3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.pick@4.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.reduce@4.6.0",
+ "name": "lodash.reduce",
+ "version": "4.6.0",
+ "description": "The lodash method `_.reduce` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f1ab6b839299ad48f784abbf476596f03b914d3b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.reduce@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.reject@4.6.0",
+ "name": "lodash.reject",
+ "version": "4.6.0",
+ "description": "The lodash method `_.reject` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "80d6492dc1470864bbf583533b651f42a9f52415"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.reject@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.some@4.6.0",
+ "name": "lodash.some",
+ "version": "4.6.0",
+ "description": "The lodash method `_.some` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1bb9f314ef6b8baded13b549169b2a945eb68e4d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.some@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cssom@0.3.8",
+ "name": "cssom",
+ "version": "0.3.8",
+ "description": "CSS Object Model implementation and CSS parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6f4b461db7de81b84f269c698813d4dac0a48a002ab4cf4ed76d657ba6db3a583257e3721b20a655f27a416f5e463cfc0a935f5843980483081916242f0b0862"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cssom@0.3.8",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/NV/CSSOM#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/NV/CSSOM/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/NV/CSSOM.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/design-system@1.8.4",
+ "name": "design-system",
+ "version": "1.8.4",
+ "description": "Proton Design system, for all Proton Projects: https://design-system.protontech.ch/",
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/design-system@1.8.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/design-system#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/design-system/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/ProtonMail/design-system.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dompurify@1.0.11",
+ "name": "dompurify",
+ "version": "1.0.11",
+ "description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5f2c024d766d73fa825f78a9ac3d69224951564fee865f012a9913c6bf99c8c554cd2520ef09105d1069fdeb89e49e66a1ad50bdfa6f68f4153fbd73d4ee7d75"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MPL-2.0 OR Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dompurify@1.0.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cure53/DOMPurify"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cure53/DOMPurify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cure53/DOMPurify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dropzone@5.7.1",
+ "name": "dropzone",
+ "version": "5.7.1",
+ "description": "Handles drag and drop of files for you.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7aa70969fba930a4655548a166db0b9332e7d365933d430778898fe59b569b711139b0bf76fd79b5ed2aaa7fd7dab10a692a910b4a4d4c75013e0acf59c3f9db"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dropzone@5.7.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://www.dropzonejs.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://gitlab.com/meno/dropzone/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://gitlab.com/meno/dropzone.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fastclick@1.0.6",
+ "name": "fastclick",
+ "version": "1.0.6",
+ "description": "Polyfill to remove click delays on browsers with touch UIs.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "161625b27b1a5806405936bda9a2c1926d06be6a"
+ }
+ ],
+ "purl": "pkg:npm/fastclick@1.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ftlabs/fastclick"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ftlabs/fastclick/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ftlabs/fastclick.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/file-saver@2.0.2",
+ "name": "file-saver",
+ "version": "2.0.2",
+ "description": "An HTML5 saveAs() FileSaver implementation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5b3ddcdd7439c6ba02c5dd46f1bef22f412191fd130bda180ba6ee3c590d9d4f449da3e589f780142c8287e89ec174f2151720d1aea3dc9ec5989b0886584177"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/file-saver@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/eligrey/FileSaver.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/eligrey/FileSaver.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/eligrey/FileSaver.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-random-values@1.0.1",
+ "name": "get-random-values",
+ "version": "1.0.1",
+ "description": "Cross browser and node.js implementation to generate random values",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-random-values@1.0.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/hi-base32@0.5.0",
+ "name": "hi-base32",
+ "version": "0.5.0",
+ "description": "A simple Base32 encode / decode function for JavaScript supports UTF-8 encoding.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0c3466c52ca862ebe351bf449d776888c0a1059ed9714549b0ae45addde4a8c86e071be665d9c17b29c055f8fbfc409b9fef827a4728a6bbc2feba6b1cf02da3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/hi-base32@0.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/emn178/hi-base32"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/emn178/hi-base32/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/emn178/hi-base32.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ical.js@1.4.0",
+ "name": "ical.js",
+ "version": "1.4.0",
+ "description": "Javascript parser for ics (rfc5545) and vcard (rfc6350) data",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "96d1d9b8e14d3637321186f30e08de992ecb588161dafc9d25ece7c501d48777676ab6f1a8e62c58e358b5e05502ad4c10e1e7c171463767ac91945e1dc967ac"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ical.js@1.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mozilla-comm/ical.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mozilla-comm/ical.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mozilla-comm/ical.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/intl-tel-input@12.4.0",
+ "name": "intl-tel-input",
+ "version": "12.4.0",
+ "description": "A jQuery plugin for entering international telephone numbers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b555edf5071ccc8a7d63ac96c437faa7cfb861f994d4d1926cd53793163810f63e415fbe8f80e50b5819ff090d222f284e9c8951664aab3ca7085f58d77e7079"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/intl-tel-input@12.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jackocnr/intl-tel-input#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jackocnr/intl-tel-input/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jackocnr/intl-tel-input.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jquery@3.4.1",
+ "name": "jquery",
+ "version": "3.4.1",
+ "description": "JavaScript library for DOM operations",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dfaf80741cc22fecbaaa3c394f1ec78337860b30bcd4c0c381a50ff25776ce1c79f0776a5c6a0177eb4776b04c8b28c642cd07c6cfcc2d94eefde1cd249b963f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jquery@3.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jquery.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jquery/jquery/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jquery/jquery.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jquery-mousewheel@3.1.13",
+ "name": "jquery-mousewheel",
+ "version": "3.1.13",
+ "description": "A jQuery plugin that adds cross-browser mouse wheel support.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "06f0335f16e353a695e7206bf50503cb523a6ee5"
+ }
+ ],
+ "purl": "pkg:npm/jquery-mousewheel@3.1.13",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jquery/jquery-mousewheel"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jquery/jquery-mousewheel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jquery/jquery-mousewheel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jquery.payment@3.0.0",
+ "name": "jquery.payment",
+ "version": "3.0.0",
+ "description": "A general purpose library for building credit card forms, validating inputs and formatting numbers.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "71b2319547cf430bdaeebd1091b77d6cae5cd505"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jquery.payment@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stripe/jquery.payment#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stripe/jquery.payment/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stripe/jquery.payment.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jszip@3.5.0",
+ "name": "jszip",
+ "version": "3.5.0",
+ "description": "Create, read and edit .zip files with JavaScript http://stuartk.com/jszip",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "591b6eed33c299878f4759dacdfaedb85db5e9c215a27ff71963af1d2f504796c8c126e7c6d76999aeae9f78f21863611ec2824b39f962993e1240d1bd31a214"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "(MIT OR GPL-3.0)"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jszip@3.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Stuk/jszip#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Stuk/jszip/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Stuk/jszip.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lie@3.3.0",
+ "name": "lie",
+ "version": "3.3.0",
+ "description": "A basic but performant promise implementation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "51a88c27379646512e8f302ec392e8918d4be5e70d41864a7e6c99f4bef00c76ffa797ad29ac5786884172bc341186f2f86fcd039daf452378377f5dc47008c1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lie@3.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/calvinmetcalf/lie#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/calvinmetcalf/lie/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/calvinmetcalf/lie.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/immediate@3.0.6",
+ "name": "immediate",
+ "version": "3.0.6",
+ "description": "A cross browser microtask library",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9db1dbd0faf8de6fbe0f5dd5e56bb606280de69b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/immediate@3.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/calvinmetcalf/immediate#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/calvinmetcalf/immediate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/calvinmetcalf/immediate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pako@1.0.11",
+ "name": "pako",
+ "version": "1.0.11",
+ "description": "zlib port to javascript - fast, modularized, with browser support",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e212c1f0fcb8cd971ee6ce3277d5f3a29ab056fff218d855d4197c353982ab5efadc778adbe130553bfe95e19e2f5dc39e1db07dbaa8c153d70883b4cf8b5a63"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "(MIT AND Zlib)"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pako@1.0.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodeca/pako"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodeca/pako/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/nodeca/pako.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/readable-stream@2.3.7",
+ "name": "readable-stream",
+ "version": "2.3.7",
+ "description": "Streams3, a user-land copy of the stream library from Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "11b868f0ae2321b1c0c67bb18bba38d8ead9805fd94cd72c663ea744ac949a484b16af021c8b69fdfcba85066e6663ff9f7c99f550546e9e33cff997f219983f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/readable-stream@2.3.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodejs/readable-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodejs/readable-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/nodejs/readable-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/core-util-is@1.0.2",
+ "name": "core-util-is",
+ "version": "1.0.2",
+ "description": "The `util.is*` functions introduced in Node v0.12.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b5fd54220aa2bc5ab57aab7140c940754503c1a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/core-util-is@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/core-util-is#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/core-util-is/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/core-util-is.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isarray@1.0.0",
+ "name": "isarray",
+ "version": "1.0.0",
+ "description": "Array#isArray for older browsers",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bb935d48582cba168c06834957a54a3e07124f11"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isarray@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/juliangruber/isarray"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/juliangruber/isarray/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/juliangruber/isarray.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/process-nextick-args@2.0.1",
+ "name": "process-nextick-args",
+ "version": "2.0.1",
+ "description": "process.nextTick but always with args",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "de8b943a9421b60adb39ad7b27bfaec4e4e92136166863fbfc0868477f80fbfd5ef6c92bcde9468bf757cc4632bdbc6e6c417a5a7db2a6c7132a22891459f56a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/process-nextick-args@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/calvinmetcalf/process-nextick-args"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/calvinmetcalf/process-nextick-args/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/calvinmetcalf/process-nextick-args.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/safe-buffer@5.1.2",
+ "name": "safe-buffer",
+ "version": "5.1.2",
+ "description": "Safer Node.js Buffer API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "19dd94641243917958ec66c9c5fb04f3f9ef2a45045351b7f1cd6c88de903fa6bd3d3f4c98707c1a7a6c71298c252a05f0b388aedf2e77fc0fb688f2b381bafa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/safe-buffer@5.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/feross/safe-buffer"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/feross/safe-buffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/feross/safe-buffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string_decoder@1.1.1",
+ "name": "string_decoder",
+ "version": "1.1.1",
+ "description": "The string_decoder module from Node core",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9ff4a19ef0e2e851db6d57ef8aba3e5a88e2173bfeb3c30f30705ccd578f7d4a4324bc282d3d21b759786300426e2f29240bde104767907c8fc933ff9b345fc2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string_decoder@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodejs/string_decoder"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodejs/string_decoder/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/nodejs/string_decoder.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/set-immediate-shim@1.0.1",
+ "name": "set-immediate-shim",
+ "version": "1.0.1",
+ "description": "Simple setImmediate shim",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4b2b1b27eb808a9f8dcc481a58e5e56f599f3f61"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/set-immediate-shim@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/set-immediate-shim#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/set-immediate-shim/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/set-immediate-shim.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/juice@5.2.0",
+ "name": "juice",
+ "version": "5.2.0",
+ "description": "Inlines css into html source",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d25e866664f779f7b1c9a69acb749c84a4f9906df5d4de7d4c414fe657ef132d27cfd48daa3c77d75a652776f88f37bb6abb260ec88740b87fc6702e9341c54d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/juice@5.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Automattic/juice#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Automattic/juice/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Automattic/juice.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/commander@2.20.3",
+ "name": "commander",
+ "version": "2.20.3",
+ "description": "the complete solution for node.js command-line programs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1a956498cf2f176bd05248f62ef6660f7e49c5e24e2c2c09f5c524ba0ca4da7ba16efdfe989be92d862dfb4f9448cc44fa88fe7b2fe52449e1670ef9c7f38c71"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/commander@2.20.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tj/commander.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tj/commander.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tj/commander.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cross-spawn@6.0.5",
+ "name": "cross-spawn",
+ "version": "6.0.5",
+ "description": "Cross platform child_process#spawn and child_process#spawnSync",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "79354bac14adedf8db0f2833f34e69327b2d22cd954c1364466d2ac5977e33b0395c377155158ee4cc460576618d8e1ca8b60b76dac6a917fc9813e6cf04a959"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cross-spawn@6.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/moxystudio/node-cross-spawn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/moxystudio/node-cross-spawn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/nice-try@1.0.5",
+ "name": "nice-try",
+ "version": "1.0.5",
+ "description": "Tries to execute a function and discards any error that occurs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d67878e5d79e6f9a25358ede5fcd8190f3bb492c51e524982623d3ad3745515630025f0228c03937d3e34d89078918e2b15731710d475dd2e1c76ab1c49ccb35"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/nice-try@1.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/electerious/nice-try"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/electerious/nice-try/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/electerious/nice-try.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-key@2.0.1",
+ "name": "path-key",
+ "version": "2.0.1",
+ "description": "Get the PATH environment variable key cross-platform",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "411cadb574c5a140d3a4b1910d40d80cc9f40b40"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-key@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-key#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-key/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-key.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/semver@5.7.1",
+ "name": "semver",
+ "version": "5.7.1",
+ "description": "The semantic version parser used by npm.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b1ab9a0dffcf65d560acb4cd60746da576b589188a71a79b88a435049769425587da50af7b141d5f9e6c9cf1722bb433a6e76a6c2234a9715f39ab0777234319"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/semver@5.7.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/node-semver#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/node-semver/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/node-semver.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shebang-command@1.2.0",
+ "name": "shebang-command",
+ "version": "1.2.0",
+ "description": "Get the command from a shebang",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "44aac65b695b03398968c39f363fee5deafdf1ea"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shebang-command@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kevva/shebang-command#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kevva/shebang-command/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kevva/shebang-command.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shebang-regex@1.0.0",
+ "name": "shebang-regex",
+ "version": "1.0.0",
+ "description": "Regular expression for matching a shebang",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "da42f49740c0b42db2ca9728571cb190c98efea3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shebang-regex@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/shebang-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/shebang-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/shebang-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/which@1.3.1",
+ "name": "which",
+ "version": "1.3.1",
+ "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1f125d616ab53132106c9de7c3472ab2c1e84cd536ebb2a5ac3b866755989710d2b54b4a52139a266875d76fd36661f1c547ee26a3d748e9bbb43c9ab3439221"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/which@1.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-which#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-which/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/node-which.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isexe@2.0.0",
+ "name": "isexe",
+ "version": "2.0.0",
+ "description": "Minimal module to check if a file is executable.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e8fbf374dc556ff8947a10dcb0572d633f2cfa10"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isexe@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/isexe#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/isexe/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/isexe.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/deep-extend@0.6.0",
+ "name": "deep-extend",
+ "version": "0.6.0",
+ "description": "Recursive object extending",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2ce1f120e68f61d1e5251b4241f0c8559b5fc3fb9f33cfab563eb8f51207cdc9bfbc6c1045716de8e3ea2055ac9b65c432b34812d591eb8b18d4b10a0f6bc038"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/deep-extend@0.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/unclechu/node-deep-extend"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/unclechu/node-deep-extend/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/unclechu/node-deep-extend.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mensch@0.3.4",
+ "name": "mensch",
+ "version": "0.3.4",
+ "description": "A decent CSS parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "200785bdc3a757d574624f9b161611d3b3b7c8d8a76bd00d20de4ca1704a609fd12d83eeaddd9dd32c35e0c0e1a6bf7f9a89a9d16a1f4f56cf521de1933762fe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mensch@0.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/brettstimmerman/mensch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/brettstimmerman/mensch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/brettstimmerman/mensch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/slick@1.12.2",
+ "name": "slick",
+ "version": "1.12.2",
+ "description": "Standalone CSS Selector Finder and Parser.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bd048ddb74de7d1ca6915faa4a57570b3550c2d7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "MIT (http://mootools.net/license.txt)"
+ }
+ }
+ ],
+ "purl": "pkg:npm/slick@1.12.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kamicane/slick"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kamicane/slick/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/kamicane/slick.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/web-resource-inliner@4.3.4",
+ "name": "web-resource-inliner",
+ "version": "4.3.4",
+ "description": "Inlines img, script and link tags into the same file.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6a054081184e3a2e06565bca2b7e28336ded0e01fcdfdd077cb9d96361d997c38507028dbd42641fbb7cf404f68a5b903fcc3d547000297e99f0437bffdb6a28"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/web-resource-inliner@4.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jrit/web-resource-inliner#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jrit/web-resource-inliner/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jrit/web-resource-inliner.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/async@3.2.0",
+ "name": "async",
+ "version": "3.2.0",
+ "description": "Higher-order functions and common patterns for asynchronous code",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4d1da61191553a3da92d2b58c4b86ded3c9fb91cdac9d7e9c6bde4f51a47233320c3b03ae1dcec76a0b11f5589c907687bc4f5d270d777dc271228268ae1c867"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/async@3.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://caolan.github.io/async/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/caolan/async/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/caolan/async.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/chalk@2.4.2",
+ "name": "chalk",
+ "version": "2.4.2",
+ "description": "Terminal string styling done right",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "32d8be7fd96924d730178b5657cfcead34ed1758198be7fc16a97201da2eada95c156150585dbe3600874a18e409bf881412eaf5bb99c04d71724414e29792b9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/chalk@2.4.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/chalk#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/chalk/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/chalk.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-styles@3.2.1",
+ "name": "ansi-styles",
+ "version": "3.2.1",
+ "description": "ANSI escape codes for styling strings in the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "553d1923a91945d4e1f18c89c3748c6d89bfbbe36a7ec03112958ed0f7fdb2af3f7bde16c713a93cac7d151d459720ad3950cd390fbc9ed96a17189173eaf9a8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-styles@3.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-styles#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-styles/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-styles.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/color-convert@1.9.3",
+ "name": "color-convert",
+ "version": "1.9.3",
+ "description": "Plain color conversion functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "41f014b5dfaf15d02d150702f020b262dd5f616c52a8088ad9c483eb30c1f0dddca6c10102f471a7dcce1a0e86fd21c7258013f3cfdacff22e0c600bb0d55b1a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/color-convert@1.9.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Qix-/color-convert#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Qix-/color-convert/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Qix-/color-convert.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/color-name@1.1.3",
+ "name": "color-name",
+ "version": "1.1.3",
+ "description": "A list of color names and its values",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a7d0558bd89c42f795dd42328f740831ca53bc25"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/color-name@1.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dfcreative/color-name"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dfcreative/color-name/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/dfcreative/color-name.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/escape-string-regexp@1.0.5",
+ "name": "escape-string-regexp",
+ "version": "1.0.5",
+ "description": "Escape RegExp special characters",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/escape-string-regexp@1.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/escape-string-regexp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/escape-string-regexp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/escape-string-regexp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/supports-color@5.5.0",
+ "name": "supports-color",
+ "version": "5.5.0",
+ "description": "Detect whether a terminal supports color",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "423563c1d5c8b78d3c308880a825f8a142ac814d84a801b3b363e9926e1a4186e39be644584716e127c5353af8b8c35999ad1ecb87f99602eb901d1a5f440ca3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/supports-color@5.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/supports-color#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/supports-color/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/supports-color.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-flag@3.0.0",
+ "name": "has-flag",
+ "version": "3.0.0",
+ "description": "Check if argv has a specific flag",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b5d454dc2199ae225699f3467e5a07f3b955bafd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-flag@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/has-flag#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/has-flag/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/has-flag.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/datauri@2.0.0",
+ "name": "datauri",
+ "version": "2.0.0",
+ "description": "Create DataURI scheme easily",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cd2d8749ff692395cf94d66022a260ff0089a5e72053f1c0e84feebf611f6969d6d4489318b7f2fc47b14c8b02f5cf7dca808e4d796a79e5a4e059024ae3b7fe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/datauri@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/data-uri/datauri#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/data-uri/datauri/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/data-uri/datauri.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/image-size@0.7.5",
+ "name": "image-size",
+ "version": "0.7.5",
+ "description": "get dimensions of any image file",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1e2caffa65c77c510fecbcd42ff96583d470171c58fa8f4ddc954b21e1b913b88520501a971bd153d519b6105d6031159f31cc8239ca24f3e96b2e4159fd60f6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/image-size@0.7.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/image-size/image-size#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/image-size/image-size/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/image-size/image-size.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mimer@1.1.0",
+ "name": "mimer",
+ "version": "1.1.0",
+ "description": "A simple Mime type getter",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cbd7557f2dae8b2710bc33620185bace9e3d6611655c332be707dd3a231b77318cff43792cd47a1d3527dee9fe59441c3349286b0f053131b56ede449c725dbd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mimer@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/heldr/mimer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/heldr/mimer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/heldr/mimer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/htmlparser2@4.1.0",
+ "name": "htmlparser2",
+ "version": "4.1.0",
+ "description": "Fast & forgiving HTML/XML/RSS parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e330ead5ad73844e2042ca3f7392cfd4eb6b8584e7717352a6f258b56241b570044cf94c7e2dc814d8c6b906d82ee558e1947440ca9156fa383ddcbd28bc8ff1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/htmlparser2@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/htmlparser2#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/htmlparser2/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/htmlparser2.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domelementtype@2.0.1",
+ "name": "domelementtype",
+ "version": "2.0.1",
+ "description": "all the types of nodes in htmlparser2's dom",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e47387503b1865657c14658dd0d8dbaff467edffde592422d6fefe1ec515c17827f2759694beb8cca0e44b49fc6664379a558e32e5ce9d1fbb371ff9b4c3b901"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domelementtype@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/domelementtype#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/domelementtype/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/domelementtype.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domhandler@3.0.0",
+ "name": "domhandler",
+ "version": "3.0.0",
+ "description": "Handler for htmlparser2 that turns pages into a dom",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "78a2dd239bfd9baee46d741b252367d738e1d120f3bf35955ad5fea8423778c8d9c3c75a1fd93cae58f515963d99e98fc238ac91015b7bbbc755524802aa0487"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domhandler@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/DomHandler#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/DomHandler/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/DomHandler.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domutils@2.1.0",
+ "name": "domutils",
+ "version": "2.1.0",
+ "description": "Utilities for working with htmlparser2's dom",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "083f4cd039b589a1df43547f4c8fb3dff256a7fa60b9bd23e23210287f3d011478013015da76da3904b95f153d99a24fe631da3dd0c3412107b84d949a95132a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domutils@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/domutils#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/domutils/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/domutils.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dom-serializer@0.2.2",
+ "name": "dom-serializer",
+ "version": "0.2.2",
+ "description": "render dom nodes to string",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dbfc4f6f7391b10e369c76224ae9d79038cf2c16848ffc53c143b807b5c26504d193b101b5338f6b2821d74600021d8e23542ba7a3567e9021cecc23d3276df6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dom-serializer@0.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cheeriojs/dom-renderer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cheeriojs/dom-renderer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cheeriojs/dom-renderer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/entities@2.0.3",
+ "name": "entities",
+ "version": "2.0.3",
+ "description": "Encode & decode XML and HTML entities with ease",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "332a19d238272ef0765f72e0e47aa91669f59326c38887c44262b34dbe5aa6be7545bf93dca766322a9aef44fe6e11a7cafedb43a58c8f640c1e918c9a5ad461"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/entities@2.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fb55/entities#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fb55/entities/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fb55/entities.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.unescape@4.0.1",
+ "name": "lodash.unescape",
+ "version": "4.0.1",
+ "description": "The lodash method `_.unescape` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bf2249886ce514cda112fae9218cdc065211fc9c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.unescape@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/request@2.88.2",
+ "name": "request",
+ "version": "2.88.2",
+ "description": "Simplified HTTP request client.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "32cbed3ab7c6f5972b3b0016f908be17a1db0f40965c487da2eefbb8e6fb14cd963e1c13eec98cf37dcfcda9e124bb205e337cf48afa5763dccd7367329c0a87"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/request@2.88.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/request/request#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/request/request/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/request/request.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/aws-sign2@0.7.0",
+ "name": "aws-sign2",
+ "version": "0.7.0",
+ "description": "AWS signing. Originally pulled from LearnBoost/knox, maintained as vendor in request, now a standalone module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/aws-sign2@0.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/aws-sign#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/aws-sign/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mikeal/aws-sign.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/aws4@1.10.0",
+ "name": "aws4",
+ "version": "1.10.0",
+ "description": "Signs and prepares requests using AWS Signature Version 4",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dd80e2bb7e3b9ad56d8e9c95deee6456a40b3f6e36734eb3c033a0a5e467c9b99795862c2dbb53ad40549bc8bcb2b38db7e156a1b9796a26e7535d37d0f79eb8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/aws4@1.10.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mhart/aws4#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mhart/aws4/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mhart/aws4.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/caseless@0.12.0",
+ "name": "caseless",
+ "version": "0.12.0",
+ "description": "Caseless object set/get/has, very useful when working with HTTP headers.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1b681c21ff84033c826543090689420d187151dc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/caseless@0.12.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/caseless#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/caseless/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mikeal/caseless.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/combined-stream@1.0.8",
+ "name": "combined-stream",
+ "version": "1.0.8",
+ "description": "A stream that emits multiple other streams one after another.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1503783117ee25e1dfedc05b04c2455e12920eafb690002b06599106f72f144e410751d9297b5214048385d973f73398c3187c943767be630e7bffb971da0476"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/combined-stream@1.0.8",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/felixge/node-combined-stream"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/felixge/node-combined-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/felixge/node-combined-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/delayed-stream@1.0.0",
+ "name": "delayed-stream",
+ "version": "1.0.0",
+ "description": "Buffers events from a stream until you are ready to handle them.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "df3ae199acadfb7d440aaae0b29e2272b24ec619"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/delayed-stream@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/felixge/node-delayed-stream"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/felixge/node-delayed-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/felixge/node-delayed-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/extend@3.0.2",
+ "name": "extend",
+ "version": "3.0.2",
+ "description": "Port of jQuery.extend for node.js and the browser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7e3aae0b9f5c0fb0b25babab3572b4141b9f9197288861bcd304ee3ee8d7e7dd1c0794ed967db4136501e12fd601156a8577df665d8b3604be81074f2088a6fe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/extend@3.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/justmoon/node-extend#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/justmoon/node-extend/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/justmoon/node-extend.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/forever-agent@0.6.1",
+ "name": "forever-agent",
+ "version": "0.6.1",
+ "description": "HTTP Agent that keeps socket connections alive between keep-alive requests. Formerly part of mikeal/request, now a standalone module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/forever-agent@0.6.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/forever-agent#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/forever-agent/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mikeal/forever-agent.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/form-data@2.3.3",
+ "name": "form-data",
+ "version": "2.3.3",
+ "description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d652ca07632edda18fd50ff67823b1d1f35b44c7bb5ddc24b703abba17eaa9dd2b2095b03780e1f84de1acf4a50c25e7491ed4b59d4ddfcad55e6fbaf8c12125"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/form-data@2.3.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/form-data/form-data#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/form-data/form-data/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/form-data/form-data.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/asynckit@0.4.0",
+ "name": "asynckit",
+ "version": "0.4.0",
+ "description": "Minimal async jobs utility library, with streams support",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/asynckit@0.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/alexindigo/asynckit#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/alexindigo/asynckit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/alexindigo/asynckit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mime-types@2.1.27",
+ "name": "mime-types",
+ "version": "2.1.27",
+ "description": "The ultimate javascript content-type utility.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "24886a9c26ac23dc83f92b2692ab870714d212e65d417e41b909d2d9573ba6e41043ef3288fe40639b9686976fe182f854ce5cea296289858f809fe72502e9ef"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mime-types@2.1.27",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/mime-types#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/mime-types/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/mime-types.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mime-db@1.44.0",
+ "name": "mime-db",
+ "version": "1.44.0",
+ "description": "Media Type Database",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fcd3937cbaec3c155e1fb62d14f82c556bdeb8bfb84a38d8c5a435c6d33528c163ec77719419717b234bce1c89571eebe2b64624067fea590a0a2b5273f366a6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mime-db@1.44.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/mime-db#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/mime-db/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/mime-db.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/har-validator@5.1.3",
+ "name": "har-validator",
+ "version": "5.1.3",
+ "description": "Extremely fast HTTP Archive (HAR) validator using JSON Schema",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b0dbce0b311036bfeaaef260737506fe40f842d947c9caf3c12fba99f4ebad2abdec1bda61c3d9648d594aa1923d1ef70b19f82ca4c3e0fb6d4707d4ee35aae6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/har-validator@5.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ahmadnassri/node-har-validator"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ahmadnassri/node-har-validator/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ahmadnassri/node-har-validator.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ajv@6.12.3",
+ "name": "ajv",
+ "version": "6.12.3",
+ "description": "Another JSON Schema Validator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e0ad1c2b72f586caa4f7121bdb3f6fb3f5d4f8f18967d3cda494434bd60bce635d5fa8e654f7da98bbd326bd1a0c0bac9c7c821cee8c8f396402c82daa9f6d78"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ajv@6.12.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ajv-validator/ajv"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ajv-validator/ajv/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ajv-validator/ajv.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fast-deep-equal@3.1.3",
+ "name": "fast-deep-equal",
+ "version": "3.1.3",
+ "description": "Fast deep equal",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7f7a90f68432f63d808417bf1fd542f75c0b98a042094fe00ce9ca340606e61b303bb04b2a3d3d1dce4760dcfd70623efb19690c22200da8ad56cd3701347ce1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fast-deep-equal@3.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/epoberezkin/fast-deep-equal#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/epoberezkin/fast-deep-equal/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/epoberezkin/fast-deep-equal.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fast-json-stable-stringify@2.1.0",
+ "name": "fast-json-stable-stringify",
+ "version": "2.1.0",
+ "description": "deterministic `JSON.stringify()` - a faster version of substack's json-stable-strigify without jsonify",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "96177fc05f8b93df076684c2b6556b687b5f8795d88a32236a55dc93bb1a52db9a9d20f22ccc671e149710326a1f10fb9ac47c0f4b829aa964c23095f31bf01f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fast-json-stable-stringify@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/epoberezkin/fast-json-stable-stringify"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/epoberezkin/fast-json-stable-stringify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/epoberezkin/fast-json-stable-stringify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-schema-traverse@0.4.1",
+ "name": "json-schema-traverse",
+ "version": "0.4.1",
+ "description": "Traverse JSON Schema passing each schema object to callback",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c5b6c21f9742614e53f0b704861ba1ec727cf075ee5b7aac237634cce64529f6441dca5688753f271ce4eb6f41aec69bfe63221d0b62f7030ffbce3944f7b756"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json-schema-traverse@0.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/epoberezkin/json-schema-traverse#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/epoberezkin/json-schema-traverse/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/epoberezkin/json-schema-traverse.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/uri-js@4.2.2",
+ "name": "uri-js",
+ "version": "4.2.2",
+ "description": "An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "298f45ae68abaa5f755f64208ebcb459de18f984ddadd661792f13170be46cb59ffc6e4a3490c287aa4a2f939972d116e3ed0169ae6274ad9942e10b4703f39d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/uri-js@4.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/garycourt/uri-js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/garycourt/uri-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/garycourt/uri-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/punycode@2.1.1",
+ "name": "punycode",
+ "version": "2.1.1",
+ "description": "A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5d1b118dd7fe8f99a5fb2ffa18a1cf65bac5ffca766206b424fb5da93218d977b9a2124f0fdb1a0c924b3efa7df8d481a6b56f7af7576726e78f672ff0e11dd0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/punycode@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://mths.be/punycode"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/bestiejs/punycode.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/bestiejs/punycode.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/har-schema@2.0.0",
+ "name": "har-schema",
+ "version": "2.0.0",
+ "description": "JSON Schema for HTTP Archive (HAR)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a94c2224ebcac04782a0d9035521f24735b7ec92"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/har-schema@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ahmadnassri/har-schema"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ahmadnassri/har-schema/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ahmadnassri/har-schema.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/http-signature@1.2.0",
+ "name": "http-signature",
+ "version": "1.2.0",
+ "description": "Reference implementation of Joyent's HTTP Signature scheme.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9aecd925114772f3d95b65a60abb8f7c18fbace1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/http-signature@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/joyent/node-http-signature/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/joyent/node-http-signature/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/joyent/node-http-signature.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/assert-plus@1.0.0",
+ "name": "assert-plus",
+ "version": "1.0.0",
+ "description": "Extra assertions on top of node's assert module",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/assert-plus@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mcavage/node-assert-plus#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mcavage/node-assert-plus/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mcavage/node-assert-plus.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsprim@1.4.1",
+ "name": "jsprim",
+ "version": "1.4.1",
+ "description": "utilities for primitive JavaScript types",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jsprim@1.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/joyent/node-jsprim#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/joyent/node-jsprim/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/joyent/node-jsprim.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/extsprintf@1.3.0",
+ "name": "extsprintf",
+ "version": "1.3.0",
+ "description": "extended POSIX-style sprintf",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "96918440e3041a7a414f8c52e3c574eb3c3e1e05"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/extsprintf@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/davepacheco/node-extsprintf#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/davepacheco/node-extsprintf/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/davepacheco/node-extsprintf.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-schema@0.2.3",
+ "name": "json-schema",
+ "version": "0.2.3",
+ "description": "JSON Schema validation and specifications",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b480c892e59a2f05954ce727bd3f2a4e882f9e13"
+ }
+ ],
+ "purl": "pkg:npm/json-schema@0.2.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kriszyp/json-schema#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kriszyp/json-schema/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/kriszyp/json-schema.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/verror@1.10.0",
+ "name": "verror",
+ "version": "1.10.0",
+ "description": "richer JavaScript errors",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3a105ca17053af55d6e270c1f8288682e18da400"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/verror@1.10.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/davepacheco/node-verror#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/davepacheco/node-verror/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/davepacheco/node-verror.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sshpk@1.16.1",
+ "name": "sshpk",
+ "version": "1.16.1",
+ "description": "A library for finding and using SSH public keys",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1d75ea554abbfa970a78baaa663ea61c550cbd7b4e26dd6ea14c74f69156eb4d758a74ccc6a23c040f0f33de66cab232c8ac1d9f38dd1632e213a2813d5b4922"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sshpk@1.16.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/arekinath/node-sshpk#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/arekinath/node-sshpk/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/joyent/node-sshpk.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/asn1@0.2.4",
+ "name": "asn1",
+ "version": "0.2.4",
+ "description": "Contains parsers and serializers for ASN.1 (currently BER only)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8f1c334292d08d29965e0c1a09913d373fa09401b4d721754275a06e11b01c8e40e85448118e8856ab478487a91ea23bfe4c84c9011a8010b998110594862f76"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/asn1@0.2.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/joyent/node-asn1#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/joyent/node-asn1/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/joyent/node-asn1.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/safer-buffer@2.1.2",
+ "name": "safer-buffer",
+ "version": "2.1.2",
+ "description": "Modern Buffer API polyfill without footguns",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "619a372bcd920fb462ca2d04d4440fa232f3ee4a5ea6749023d2323db1c78355d75debdbe5d248eeda72376003c467106c71bbbdcc911e4d1c6f0a9c42b894b6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/safer-buffer@2.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ChALkeR/safer-buffer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ChALkeR/safer-buffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ChALkeR/safer-buffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/bcrypt-pbkdf@1.0.2",
+ "name": "bcrypt-pbkdf",
+ "version": "1.0.2",
+ "description": "Port of the OpenBSD bcrypt_pbkdf function to pure JS",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/bcrypt-pbkdf@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/joyent/node-bcrypt-pbkdf#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/joyent/node-bcrypt-pbkdf/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/joyent/node-bcrypt-pbkdf.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tweetnacl@0.14.5",
+ "name": "tweetnacl",
+ "version": "0.14.5",
+ "description": "Port of TweetNaCl cryptographic library to JavaScript",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5ae68177f192d4456269d108afa93ff8743f4f64"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Unlicense"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tweetnacl@0.14.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://tweetnacl.js.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dchest/tweetnacl-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/dchest/tweetnacl-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dashdash@1.14.1",
+ "name": "dashdash",
+ "version": "1.14.1",
+ "description": "A light, featureful and explicit option parsing library.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dashdash@1.14.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/trentm/node-dashdash#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/trentm/node-dashdash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/trentm/node-dashdash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ecc-jsbn@0.1.2",
+ "name": "ecc-jsbn",
+ "version": "0.1.2",
+ "description": "ECC JS code based on JSBN",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3a83a904e54353287874c564b7549386849a98c9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ecc-jsbn@0.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/quartzjer/ecc-jsbn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/quartzjer/ecc-jsbn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/quartzjer/ecc-jsbn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsbn@0.1.1",
+ "name": "jsbn",
+ "version": "0.1.1",
+ "description": "The jsbn library is a fast, portable implementation of large-number math in pure JavaScript, enabling public-key crypto and other applications on desktop and mobile browsers.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jsbn@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/andyperlitch/jsbn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/andyperlitch/jsbn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/andyperlitch/jsbn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/getpass@0.1.7",
+ "name": "getpass",
+ "version": "0.1.7",
+ "description": "getpass for node.js",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/getpass@0.1.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/arekinath/node-getpass#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/arekinath/node-getpass/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/arekinath/node-getpass.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-typedarray@1.0.0",
+ "name": "is-typedarray",
+ "version": "1.0.0",
+ "description": "Detect whether or not an object is a Typed Array",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e479c80858df0c1b11ddda6940f96011fcda4a9a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-typedarray@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/hughsk/is-typedarray"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/hughsk/is-typedarray/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/hughsk/is-typedarray.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isstream@0.1.2",
+ "name": "isstream",
+ "version": "0.1.2",
+ "description": "Determine if an object is a Stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "47e63f7af55afa6f92e1500e690eb8b8529c099a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isstream@0.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/rvagg/isstream"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/rvagg/isstream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/rvagg/isstream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-stringify-safe@5.0.1",
+ "name": "json-stringify-safe",
+ "version": "5.0.1",
+ "description": "Like JSON.stringify, but doesn't blow up on circular refs.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json-stringify-safe@5.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/json-stringify-safe"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/json-stringify-safe/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/json-stringify-safe.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/oauth-sign@0.9.0",
+ "name": "oauth-sign",
+ "version": "0.9.0",
+ "description": "OAuth 1 signing. Formerly a vendor lib in mikeal/request, now a standalone module.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7dec6150514f4c657cc9b02d48819b57a80e912bfc52d45b0c19c0c8b430e103ca920365b07d81c8f1ad314a9d5a4a2ce98091980a958b0819ac973f9910f365"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/oauth-sign@0.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/oauth-sign#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/oauth-sign/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mikeal/oauth-sign.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/performance-now@2.1.0",
+ "name": "performance-now",
+ "version": "2.1.0",
+ "description": "Implements performance.now (based on process.hrtime).",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/performance-now@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/braveg1rl/performance-now"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/braveg1rl/performance-now/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/braveg1rl/performance-now.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/qs@6.5.2",
+ "name": "qs",
+ "version": "6.5.2",
+ "description": "A querystring parser that supports nesting and arrays, with a depth limit",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3796405f8fcbc49985fbbc0def8a540faa8087dff09ef750723abd4d98debef5f3494a3b6df9b0f75b1aa8c8f3192db1abdd7fa1d376756fd63a5eea40734318"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/qs@6.5.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/qs"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/qs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ljharb/qs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tough-cookie@2.5.0",
+ "name": "tough-cookie",
+ "version": "2.5.0",
+ "description": "RFC6265 Cookies and Cookie Jar for node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9e52ec533826d647cb5d25df45931cd4a2c0ba077886a2470d3bdcda10c8c12de66407cc12e31b734dd2ba3305f8611ca5a5ffa9ba1ec9cc3a88ef09c15bf6fa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tough-cookie@2.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/salesforce/tough-cookie"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/salesforce/tough-cookie/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/salesforce/tough-cookie.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/psl@1.8.0",
+ "name": "psl",
+ "version": "1.8.0",
+ "description": "Domain name parser based on the Public Suffix List",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "44874ecf2a1abcafa1035f0e186583a944ec08b86d03b21c67fe8d0ace1f14968704369bfa90c3983201c96151409ab609deebd4ea10c4118a39acedabe86321"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/psl@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lupomontero/psl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lupomontero/psl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/lupomontero/psl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tunnel-agent@0.6.0",
+ "name": "tunnel-agent",
+ "version": "0.6.0",
+ "description": "HTTP proxy tunneling agent. Formerly part of mikeal/request, now a standalone module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "27a5dea06b36b04a0a9966774b290868f0fc40fd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tunnel-agent@0.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/tunnel-agent#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/tunnel-agent/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mikeal/tunnel-agent.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/uuid@3.4.0",
+ "name": "uuid",
+ "version": "3.4.0",
+ "description": "RFC4122 (v1, v4, and v5) UUIDs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1e3483470ea0644e4932081cb4705c8d56a4d3cf8a1158522220f31674fd4bd69e826a7ce52fdb45e0554dbe104c5691369b49f64b9868d8676cd10e91b29bfc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/uuid@3.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/uuidjs/uuid#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/uuidjs/uuid/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/uuidjs/uuid.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/valid-data-url@2.0.0",
+ "name": "valid-data-url",
+ "version": "2.0.0",
+ "description": "Detect if a string is a data URL",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7720999efdda09ecbbc9f4e022a7596a72a5ef15801042826e0991ed22aac8ae904ff674ed139a72dae00f5780dfb0baf4e0d18fbacd3a3cca5953e1d0452304"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/valid-data-url@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/killmenot/valid-data-url"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/killmenot/valid-data-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/killmenot/valid-data-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/xtend@4.0.2",
+ "name": "xtend",
+ "version": "4.0.2",
+ "description": "extend like a boss",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2ca614d620172575200179fd5118e2bbe3168725171ecbdfa7b99cb989bd75250a2b4fc28edad4c050310fcdbf98259bb4bb068c521a774c08b28778ceb4c011"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/xtend@4.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Raynos/xtend"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Raynos/xtend/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/Raynos/xtend.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/linkify-it@2.2.0",
+ "name": "linkify-it",
+ "version": "2.2.0",
+ "description": "Links recognition library with FULL unicode support",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1a7025fe49c69fe8b553fc23073dda933dacb73f87ac72ecc4cc07406a1f0837cfbe57fe80328de7c52d7e652ab93638fcc5de136c7b935f4a4267a8662f7823"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/linkify-it@2.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/markdown-it/linkify-it#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/markdown-it/linkify-it/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/markdown-it/linkify-it.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/uc.micro@1.0.6",
+ "name": "uc.micro",
+ "version": "1.0.6",
+ "description": "Micro subset of unicode data files for markdown-it projects.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f18ef9a6f4d890b256da15901d7c68a91815eea6fd07ef6f144b6274c2feee4a075056a99d524067a70ab3e423cf9030dda6561cc0babb4c0913702dfa7486c0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/uc.micro@1.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/markdown-it/uc.micro#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/markdown-it/uc.micro/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/markdown-it/uc.micro.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash@4.17.19",
+ "name": "lodash",
+ "version": "4.17.19",
+ "description": "Lodash modular utilities.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "24dbddf17111f46417d2fdaa260b1a37f9b3142340e4145efe3f0937d77eb56c862d2a1d2901ca16271dc0d6335b0237c2346768a3ec1a3d579018f1fc5f7a0d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash@4.17.19",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/markdown-it@8.4.2",
+ "name": "markdown-it",
+ "version": "8.4.2",
+ "description": "Markdown-it - modern pluggable markdown parser.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "19c473dc0593a92529858defb14a9048531b811dfc6b82e1dc65a51d187fecc470cfc99cbbd9f620eec73a1f9b5c7ad1f6438f0e5e51342684b2b9de6fec611d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/markdown-it@8.4.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/markdown-it/markdown-it#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/markdown-it/markdown-it/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/markdown-it/markdown-it.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/argparse@1.0.10",
+ "name": "argparse",
+ "version": "1.0.10",
+ "description": "Very powerful CLI arguments parser. Native port of argparse - python's options parsing library",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a39468cbab4d1b848bfc53a408037a4738e26a4652db944b605adc32db49a9b75df015ab9c0f9f1b3e7b88de4f6f4ea9bc11af979810d01e3c74996c957be84e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/argparse@1.0.10",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nodeca/argparse#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nodeca/argparse/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/nodeca/argparse.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sprintf-js@1.0.3",
+ "name": "sprintf-js",
+ "version": "1.0.3",
+ "description": "JavaScript sprintf implementation",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "04e6926f662895354f3dd015203633b857297e2c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sprintf-js@1.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/alexei/sprintf.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/alexei/sprintf.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/alexei/sprintf.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mdurl@1.0.1",
+ "name": "mdurl",
+ "version": "1.0.1",
+ "description": "URL utilities for markdown-it",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "fe85b2ec75a59037f2adfec100fd6c601761152e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mdurl@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/markdown-it/mdurl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/markdown-it/mdurl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/markdown-it/mdurl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mimemessage@1.1.4",
+ "name": "mimemessage",
+ "version": "1.1.4",
+ "description": "MIME messages for JavaScript (RFC 2045 & 2046)",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mimemessage@1.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/eface2face/mimemessage.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/eface2face/mimemessage.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/eface2face/mimemessage.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/debug@2.6.9",
+ "name": "debug",
+ "version": "2.6.9",
+ "description": "small debugging utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6c2ec496b7496899cf6c03fed44a2d62fa99b1bdde725e708ba05f8ba0494d470da30a7a72fb298348d7ce74532838e6fc4ec076014155e00f54c35c286b0730"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/debug@2.6.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/debug#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/debug/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/visionmedia/debug.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ms@2.0.0",
+ "name": "ms",
+ "version": "2.0.0",
+ "description": "Tiny milisecond conversion utility",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5608aeadfc00be6c2901df5f9861788de0d597c8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ms@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zeit/ms#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zeit/ms/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zeit/ms.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/rfc2047@2.0.1",
+ "name": "rfc2047",
+ "version": "2.0.1",
+ "description": "Encode and decode rfc2047 (MIME encoded words)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1a659b91585c3757d535a59f9afef1ba532ae86b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD"
+ }
+ }
+ ],
+ "purl": "pkg:npm/rfc2047@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/One-com/rfc2047"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/One-com/rfc2047/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/One-com/rfc2047.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/iconv-lite@0.4.5",
+ "name": "iconv-lite",
+ "version": "0.4.5",
+ "description": "Convert character encodings in pure javascript.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9c574b70c30d615859f2064d2be4335ad6b1a8d6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/iconv-lite@0.4.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ashtuchkin/iconv-lite"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ashtuchkin/iconv-lite/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ashtuchkin/iconv-lite.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/moment@2.27.0",
+ "name": "moment",
+ "version": "2.27.0",
+ "description": "Parse, validate, manipulate, and display dates",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6a5d0c50aedca4872094cbf7605d77a9281d008ab11d33bb6eb46d6b3dc395250b6ea7dacea91ce6412336b2c338cedfb23b21a0522286753cb27acfef352f85"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/moment@2.27.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://momentjs.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/moment/moment/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/moment/moment.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/moment-timezone@0.5.31",
+ "name": "moment-timezone",
+ "version": "0.5.31",
+ "description": "Parse and display moments in any timezone.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f86807360f314613177c46eff35883b6b55e4dc5add245a64c46355d02b5e1d2024d79d62674f47717653eca70a85de478a3153d7c1ac84b24d43234000fe374"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/moment-timezone@0.5.31",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://momentjs.com/timezone/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/moment/moment-timezone/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/moment/moment-timezone.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mousetrap@1.6.5",
+ "name": "mousetrap",
+ "version": "1.6.5",
+ "description": "Simple library for handling keyboard shortcuts",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "40da389047a9688070893f020e13fdf2e9937ada7e24d7d06015af0b5a5cebf38089bb97b51731679f10cfcb24bc41d8bd44677bfed1f13e55a0e23bac3b0450"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Apache-2.0 WITH LLVM-exception"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mousetrap@1.6.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ccampbell/mousetrap#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ccampbell/mousetrap/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ccampbell/mousetrap.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ng-intl-tel-input@2.0.0",
+ "name": "ng-intl-tel-input",
+ "version": "2.0.0",
+ "description": "AngularJS directive implementing intl-tel-input (https://github.com/Bluefieldscom/intl-tel-input)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "705a09c68cbc754113e376d81856a0a598bd1890"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ng-intl-tel-input@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://hodgepodgers.github.io/ng-intl-tel-input"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/hodgepodgers/ng-intl-tel-input/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/hodgepodgers/ng-intl-tel-input.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ng-pikaday@2.0.2",
+ "name": "ng-pikaday",
+ "version": "2.0.2",
+ "description": "an AngularJS directive wraper that aims to make using Pikaday with Angular as simple as possible.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ng-pikaday@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fxding/ng-pikaday"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fxding/ng-pikaday/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/fxding/ng-pikaday.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pikaday@1.8.0",
+ "name": "pikaday",
+ "version": "1.8.0",
+ "description": "A refreshing JavaScript Datepicker — lightweight, no dependencies, modular CSS",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4a01b13185f43478fda109cc692c808a9af680eadb0782dfb3f4c94dbe87ea1447b37f7fe5ce55662ef743c86be77faf5a3767e87ce459c8fc56d97773dce268"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "(0BSD OR MIT)"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pikaday@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://pikaday.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Pikaday/Pikaday/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Pikaday/Pikaday.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/nouislider@10.1.0",
+ "name": "nouislider",
+ "version": "10.1.0",
+ "description": "noUiSlider is lightweight JavaScript range slider.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "944370c65a68620e3fe608dd698fcf30d1de54bf82309cab3beed1cd78b532a852486c2e26c41226d7970905796c4d942847522c0456aea205f1749602aee1f8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "WTFPL"
+ }
+ }
+ ],
+ "purl": "pkg:npm/nouislider@10.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/leongersen/noUiSlider#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/leongersen/noUiSlider/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/leongersen/noUiSlider.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/papaparse@4.6.3",
+ "name": "papaparse",
+ "version": "4.6.3",
+ "description": "Fast and powerful CSV parser for the browser that supports web workers and streaming large files. Converts CSV to JSON and JSON to CSV.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2d1abb06b1c2da41cf058483e7468abb0fc1fdd19c836f689b225b2966372ac614654ebd44ac1a047bb5de31a609806d39ce2876c2c2ac5ca4ea299fc8db9b25"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/papaparse@4.6.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://papaparse.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mholt/PapaParse/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mholt/PapaParse.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parse-domain@2.3.4",
+ "name": "parse-domain",
+ "version": "2.3.4",
+ "description": "Splits an url into sub-domain, domain and effective top-level-domain",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2e51492554ebcb80c3dd76bbe82b1534fe8c22edc967c1977791c4129dfc2920c604256c9dc71a80027960bcbbb8411a6efc2d6ae40440f72f5d68141a425b30"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Unlicense"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parse-domain@2.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/peerigon/parse-domain#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/peerigon/parse-domain/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/peerigon/parse-domain.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/got@8.3.2",
+ "name": "got",
+ "version": "8.3.2",
+ "description": "Simplified HTTP requests",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "aa3509e54fe16b0c68b0caf220ba1f642926dc2f383cb252ff482b448a63030bbe2e4c718f9731782536e411b4ff79834a95ca4f266bf2887cc0880b687d100b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/got@8.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/got#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/got/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/got.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40sindresorhus/is@0.7.0",
+ "group": "@sindresorhus",
+ "name": "is",
+ "version": "0.7.0",
+ "description": "Type check values: `is.string('🦄') //=> true`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "38d85a28f22e7f3ceb94d6eab5614577e8e59de997ea524082af597a266d4bb2353c87ff95aec25b89bcdeb4d7467567b0c6d6da4e7aa4662eec0505243f4fa3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40sindresorhus/is@0.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cacheable-request@2.1.4",
+ "name": "cacheable-request",
+ "version": "2.1.4",
+ "description": "Wrap native HTTP requests with RFC compliant cache support",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0d808801b6342ad33c91df9d0b44dc09b91e5c3d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cacheable-request@2.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukechilds/cacheable-request"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukechilds/cacheable-request/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukechilds/cacheable-request.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/clone-response@1.0.2",
+ "name": "clone-response",
+ "version": "1.0.2",
+ "description": "Clone a Node.js HTTP response stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d1dc973920314df67fbeb94223b4ee350239e96b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/clone-response@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukechilds/clone-response"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukechilds/clone-response/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukechilds/clone-response.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mimic-response@1.0.1",
+ "name": "mimic-response",
+ "version": "1.0.1",
+ "description": "Mimic a Node.js HTTP response stream",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8f911cb67907eda99f57fab91e09a86a5d60d901c5251ada3ad9b1d09a48aa4c6106123f9494a5d67329438e6155aaf03444cea161229a7759e102b4447c6ec5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mimic-response@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/mimic-response#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/mimic-response/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/mimic-response.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-stream@3.0.0",
+ "name": "get-stream",
+ "version": "3.0.0",
+ "description": "Get a stream as a string, buffer, or array",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8e943d1358dc37555054ecbe2edb05aa174ede14"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-stream@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/get-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/get-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/get-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/http-cache-semantics@3.8.1",
+ "name": "http-cache-semantics",
+ "version": "3.8.1",
+ "description": "Parses Cache-Control and other headers. Helps building correct HTTP caches and proxies",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e5a8b68a4b3257c6579a76611c7e2b58fa31c62b2d11ec528b9f77eb3210d5b9cd4d6e559c0f3907a3ff5695e244cd35ec8811bdbda42a8d5afffcbed304a9df"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/http-cache-semantics@3.8.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/pornel/http-cache-semantics#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/pornel/http-cache-semantics/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/pornel/http-cache-semantics.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/keyv@3.0.0",
+ "name": "keyv",
+ "version": "3.0.0",
+ "description": "Simple key-value storage with support for multiple backends",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7a0b879eadb6384dee5684981b42d558d3fee29a5a996afdfb35817b56ec35ca2f20ccba86e50914f832e261b009dfeb9e5def38b196d4c4e5bb8739ec24f5c4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/keyv@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukechilds/keyv"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukechilds/keyv/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukechilds/keyv.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-buffer@3.0.0",
+ "name": "json-buffer",
+ "version": "3.0.0",
+ "description": "JSON parse & stringify that supports binary via bops & base64",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5b1f397afc75d677bde8bcfc0e47e1f9a3d9a898"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json-buffer@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dominictarr/json-buffer"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dominictarr/json-buffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/dominictarr/json-buffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lowercase-keys@1.0.0",
+ "name": "lowercase-keys",
+ "version": "1.0.0",
+ "description": "Lowercase the keys of an object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4e3366b39e7f5457e35f1324bdf6f88d0bfc7306"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lowercase-keys@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/lowercase-keys#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/lowercase-keys/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/lowercase-keys.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/normalize-url@2.0.1",
+ "name": "normalize-url",
+ "version": "2.0.1",
+ "description": "Normalize a URL",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0fa3145b82bf573a09e2b274d4914ac43aed635bfdc2b833097e5fdaa8ff9731f59bf956e8c85464529ead5b27ca33a13ac63323d2aaa9a93ed749782ef2e933"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/normalize-url@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/normalize-url#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/normalize-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/normalize-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/prepend-http@2.0.0",
+ "name": "prepend-http",
+ "version": "2.0.0",
+ "description": "Prepend `http://` to humanized URLs like todomvc.com and localhost",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e92434bfa5ea8c19f41cdfd401d741a3c819d897"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/prepend-http@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/prepend-http#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/prepend-http/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/prepend-http.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/query-string@5.1.1",
+ "name": "query-string",
+ "version": "5.1.1",
+ "description": "Parse and stringify URL query strings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "82358eb26d92a069602c47401adedaeac9553a4f661a25e63c532aac484b43af2b850b819e97ecdfe12696fa8acb19c2a3dfcf3e517ef4cb58d364b568583e27"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/query-string@5.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/query-string#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/query-string/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/query-string.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/decode-uri-component@0.2.0",
+ "name": "decode-uri-component",
+ "version": "0.2.0",
+ "description": "A better decodeURIComponent",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "eb3913333458775cb84cd1a1fae062106bb87545"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/decode-uri-component@0.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/SamVerschueren/decode-uri-component#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/SamVerschueren/decode-uri-component/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/SamVerschueren/decode-uri-component.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object-assign@4.1.1",
+ "name": "object-assign",
+ "version": "4.1.1",
+ "description": "ES2015 `Object.assign()` ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2109adc7965887cfc05cbbd442cac8bfbb360863"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object-assign@4.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/object-assign#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/object-assign/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/object-assign.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strict-uri-encode@1.1.0",
+ "name": "strict-uri-encode",
+ "version": "1.1.0",
+ "description": "A stricter URI encode adhering to RFC 3986",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "279b225df1d582b1f54e65addd4352e18faa0713"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strict-uri-encode@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kevva/strict-uri-encode#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kevva/strict-uri-encode/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kevva/strict-uri-encode.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sort-keys@2.0.0",
+ "name": "sort-keys",
+ "version": "2.0.0",
+ "description": "Sort the keys of an object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "658535584861ec97d730d6cf41822e1f56684128"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sort-keys@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/sort-keys#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/sort-keys/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/sort-keys.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-plain-obj@1.1.0",
+ "name": "is-plain-obj",
+ "version": "1.1.0",
+ "description": "Check if a value is a plain object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "71a50c8429dfca773c92a390a4a03b39fcd51d3e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-plain-obj@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-plain-obj#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-plain-obj/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-plain-obj.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/responselike@1.0.2",
+ "name": "responselike",
+ "version": "1.0.2",
+ "description": "A response-like object for mocking a Node.js HTTP response stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "918720ef3b631c5642be068f15ade5a46f4ba1e7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/responselike@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukechilds/responselike#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukechilds/responselike/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukechilds/responselike.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lowercase-keys@1.0.1",
+ "name": "lowercase-keys",
+ "version": "1.0.1",
+ "description": "Lowercase the keys of an object",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1b62e3eb5b570e754514e8bc55976cf92a108ed402ddd82890a7431b69939b5b71e26e743541c1399481c10407cb2d15d760342531b889c7d9407fb13f287c54"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lowercase-keys@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/lowercase-keys#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/lowercase-keys/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/lowercase-keys.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/decompress-response@3.3.0",
+ "name": "decompress-response",
+ "version": "3.3.0",
+ "description": "Decompress a HTTP response if needed",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "80a4dd323748384bfa248083622aedec982adff3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/decompress-response@3.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/decompress-response#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/decompress-response/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/decompress-response.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/duplexer3@0.1.4",
+ "name": "duplexer3",
+ "version": "0.1.4",
+ "description": "Like duplexer but using streams3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/duplexer3@0.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/floatdrop/duplexer3#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/floatdrop/duplexer3/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/floatdrop/duplexer3.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/into-stream@3.1.0",
+ "name": "into-stream",
+ "version": "3.1.0",
+ "description": "Convert a buffer/string/array/object/iterable/promise into a stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "96fb0a936c12babd6ff1752a17d05616abd094c6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/into-stream@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/into-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/into-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/into-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/from2@2.3.0",
+ "name": "from2",
+ "version": "2.3.0",
+ "description": "Convenience wrapper for ReadableStream, with an API lifted from \"from\" and \"through2\"",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8bfb5502bde4a4d36cfdeea007fcca21d7e382af"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/from2@2.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/hughsk/from2"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/hughsk/from2/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/hughsk/from2.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-is-promise@1.1.0",
+ "name": "p-is-promise",
+ "version": "1.1.0",
+ "description": "Check if something is a promise",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9c9456989e9f6588017b0434d56097675c3da05e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-is-promise@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-is-promise#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-is-promise/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-is-promise.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-retry-allowed@1.2.0",
+ "name": "is-retry-allowed",
+ "version": "1.2.0",
+ "description": "Is retry allowed for Error?",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4546d478ac2f9b75c6d9561a9a124bd71164b608ef3f32f41eaf02fbacab588b300f2dc12171aa0b187191cdf437d8ea2b7d75815535dfb2bc122e79ff354946"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-retry-allowed@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/floatdrop/is-retry-allowed#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/floatdrop/is-retry-allowed/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/floatdrop/is-retry-allowed.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isurl@1.0.0",
+ "name": "isurl",
+ "version": "1.0.0",
+ "description": "Checks whether a value is a WHATWG URL.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d4fff25acc4f943b67ed07910fe50b2903da21a37ac85dfaf06676bc37efd002f4370a52b5a7e35820c3767d24f30805316a5502a1bba098711e796e778da2f7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isurl@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stevenvachon/isurl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stevenvachon/isurl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stevenvachon/isurl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-to-string-tag-x@1.4.1",
+ "name": "has-to-string-tag-x",
+ "version": "1.4.1",
+ "description": "Tests if ES6 @@toStringTag is supported.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bdd6ca7e6c3edcba0e615afe9adc47697e5af7afb47f70e58d877c24eaaf38bb1fe66c363ad75adaa0834fda91a8b021ae3c90d21eee6a5e673a2012a6c18d17"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-to-string-tag-x@1.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Xotic750/has-to-string-tag-x"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Xotic750/has-to-string-tag-x/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Xotic750/has-to-string-tag-x.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-symbol-support-x@1.4.2",
+ "name": "has-symbol-support-x",
+ "version": "1.4.2",
+ "description": "Tests if ES6 Symbol is supported.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dd3a0ebdafbe1da5be782a60a99ac27cde7520f07eedb24d553e825004f3b9e0791de6fca3a35a9b45771c6e5d943bd95351a7e502dc6da8622b0fd7564e4927"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-symbol-support-x@1.4.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Xotic750/has-symbol-support-x"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Xotic750/has-symbol-support-x/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Xotic750/has-symbol-support-x.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-object@1.0.1",
+ "name": "is-object",
+ "version": "1.0.1",
+ "description": "Checks whether a value is an object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8952688c5ec2ffd6b03ecc85e769e02903083470"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-object@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/is-object"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/is-object/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/is-object.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-cancelable@0.4.1",
+ "name": "p-cancelable",
+ "version": "0.4.1",
+ "description": "Create a promise that can be canceled",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1cd6b503c2ef0759227bb704472cb6d5535e1dbd82589258ab2c82da8de495615f306945996bf667bb058191fc6626982fde72753a0a4c555780c57f3acd1b05"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-cancelable@0.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-cancelable#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-cancelable/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-cancelable.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-timeout@2.0.1",
+ "name": "p-timeout",
+ "version": "2.0.1",
+ "description": "Timeout a promise after a specified amount of time",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f3c7a6e7c743541fcaccf131d57d0ddcbc057d864fc8373807a785dfc335ae4f554d931bc575e08ee833f269b0a52f4ec7804367eb7ab7740fe7efe06b3c1e20"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-timeout@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-timeout#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-timeout/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-timeout.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-finally@1.0.0",
+ "name": "p-finally",
+ "version": "1.0.0",
+ "description": "`Promise#finally()` ponyfill - Invoked when the promise is settled regardless of outcome",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3fbcfb15b899a44123b34b6dcc18b724336a2cae"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-finally@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-finally#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-finally/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-finally.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pify@3.0.0",
+ "name": "pify",
+ "version": "3.0.0",
+ "description": "Promisify a callback-style function",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pify@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/pify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/pify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/pify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/timed-out@4.0.1",
+ "name": "timed-out",
+ "version": "4.0.1",
+ "description": "Emit `ETIMEDOUT` or `ESOCKETTIMEDOUT` when ClientRequest is hanged",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f32eacac5a175bea25d7fab565ab3ed8741ef56f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/timed-out@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/floatdrop/timed-out#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/floatdrop/timed-out/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/floatdrop/timed-out.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/url-parse-lax@3.0.0",
+ "name": "url-parse-lax",
+ "version": "3.0.0",
+ "description": "Lax url.parse() with support for protocol-less URLs & IPs",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "16b5cafc07dbe3676c1b1999177823d6503acb0c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/url-parse-lax@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/url-parse-lax#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/url-parse-lax/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/url-parse-lax.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/url-to-options@1.0.1",
+ "name": "url-to-options",
+ "version": "1.0.1",
+ "description": "Convert a WHATWG URL to an http(s).request options object.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1505a03a289a48cbd7a434efbaeec5055f5633a9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/url-to-options@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stevenvachon/url-to-options#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stevenvachon/url-to-options/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stevenvachon/url-to-options.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest@24.9.0",
+ "name": "jest",
+ "version": "24.9.0",
+ "description": "Delightful JavaScript Testing.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "62f9012f5666eddd81d7e8797c710e7728c21beb06333e1ff03f3aff41e2a89e8c0783270dcf0580fe6f756b069de98e42ba3b967628f146a4677fb90348f11b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jestjs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/import-local@2.0.0",
+ "name": "import-local",
+ "version": "2.0.0",
+ "description": "Let a globally installed package use a locally installed version of itself if available",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6fab34e26dcefacdc21926ea0c8c8fe11e9a03001e62556af7e59459ea7a8876bc11345ff727a2d54e3c0b93267c9995f4088b61804a3ccabf5befd646942609"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/import-local@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/import-local#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/import-local/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/import-local.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pkg-dir@3.0.0",
+ "name": "pkg-dir",
+ "version": "3.0.0",
+ "description": "Find the root directory of a Node.js project or npm package",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fc4e7b018928790db9aa4c4c8f93c1395805f0a8aefe1edc612df4679f91ed66a208205f2eae7c648fdd49e68429bf565495799ffd37430acddc8796205965bf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pkg-dir@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/pkg-dir#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/pkg-dir/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/pkg-dir.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/find-up@3.0.0",
+ "name": "find-up",
+ "version": "3.0.0",
+ "description": "Find a file or directory by walking up parent directories",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d720fa4662c8d5705fc6e82f391c25724e9fef9b582fe891d23ab0b0eacec4c672198a94b83849d25e005dd3b5897fc54ecf5c040304935816484c759126f296"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/find-up@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/find-up#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/find-up/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/find-up.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/locate-path@3.0.0",
+ "name": "locate-path",
+ "version": "3.0.0",
+ "description": "Get the first path that exists on disk of multiple paths",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ec03bbe3cc169c884da80b9ab72d995879101d148d7cf548b0f21fc043963b6d8099aa15ad66af94e70c4799f34cb358be9dfa5f6db4fe669a46cade7351bae4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/locate-path@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/locate-path#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/locate-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/locate-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-locate@3.0.0",
+ "name": "p-locate",
+ "version": "3.0.0",
+ "description": "Get the first fulfilled promise that satisfies the provided testing function",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c7ed76c3f4e8fb81857e0261044a620dc2e8cd12467a063e122effcf4b522e4326c4664dc9b54c49f5a3f5a267f19e4573b74150d24e39580fbf61fb230ba549"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-locate@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-locate#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-locate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-locate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-limit@2.3.0",
+ "name": "p-limit",
+ "version": "2.3.0",
+ "description": "Run multiple promise-returning & async functions with limited concurrency",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ffff3c985592271f25c42cf07400014c92f6332581d76f9e218ecc0cbd92a8b98091e294f6ac51bd6b92c938e6dc5526a4110cb857dc90022a11a546503c5beb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-limit@2.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-limit#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-limit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-limit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-try@2.2.0",
+ "name": "p-try",
+ "version": "2.2.0",
+ "description": "`Start a promise chain",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4789cf0154c053407d0f7e7f1a4dee25fffb5d86d0732a2148a76f03121148d821165e1eef5855a069c1350cfd716697c4ed88d742930bede331dbefa0ac3a75"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-try@2.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-try#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-try/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-try.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-exists@3.0.0",
+ "name": "path-exists",
+ "version": "3.0.0",
+ "description": "Check if a path exists",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ce0ebeaa5f78cb18925ea7d810d7b59b010fd515"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-exists@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-exists#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-exists/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-exists.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve-cwd@2.0.0",
+ "name": "resolve-cwd",
+ "version": "2.0.0",
+ "description": "Resolve the path of a module like `require.resolve()` but from the current working directory",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "00a9f7387556e27038eae232caa372a6a59b665a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve-cwd@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/resolve-cwd#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/resolve-cwd/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/resolve-cwd.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve-from@3.0.0",
+ "name": "resolve-from",
+ "version": "3.0.0",
+ "description": "Resolve the path of a module like `require.resolve()` but from a given path",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b22c7af7d9d6881bc8b6e653335eebcb0a188748"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve-from@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/resolve-from#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/resolve-from/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/resolve-from.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-cli@24.9.0",
+ "name": "jest-cli",
+ "version": "24.9.0",
+ "description": "Delightful JavaScript Testing.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f952d12b28ad4f7056a0c7925081d1c55ff683ccbd830f75261e73d949976739192a96c2d3c0927a15718075304e9cbe1f019c9ecfeda9a7d00c95bb8a662f1a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-cli@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jestjs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/core@24.9.0",
+ "group": "@jest",
+ "name": "core",
+ "version": "24.9.0",
+ "description": "Delightful JavaScript Testing.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "168820dece30940af5557eeafab855f5156752fe6d0fb56e59f632d7ec21322594aef97b537409489c967038a8f4bab6a6ba98b1969e4efd91cf6e29586909d8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/core@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jestjs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/console@24.9.0",
+ "group": "@jest",
+ "name": "console",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "66e8fa6fc4e72978b7ab8ca669cf0441f73779afee84b782193845a97782f07f7fada687f0044f51374877e5f219dd37678227d3f5630f639815c045d3d7cd2d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/console@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/source-map@24.9.0",
+ "group": "@jest",
+ "name": "source-map",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fd7c3bc4696c65be0c273343801ecf5b972ba2ee49a9688141acfac723dddc0ace8369df9ff3ee9d5f3ea255db6c4673365e7dd68e6b58a13d0510da140b8806"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/source-map@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/callsites@3.1.0",
+ "name": "callsites",
+ "version": "3.1.0",
+ "description": "Get callsites from the V8 stack trace API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3fc06302c5ef652f95203508d7584709012fef8613ebb6148b924914d588a8bdb7e6c0668d7e3eab1f4cbaf96ce62bf234435cb71e3ac502d0dda4ee13bb2c69"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/callsites@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/callsites#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/callsites/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/callsites.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/graceful-fs@4.2.4",
+ "name": "graceful-fs",
+ "version": "4.2.4",
+ "description": "A drop-in replacement for fs, making various improvements.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5a328f34917bf5db490159e2525186587606cf68d6c53e9584dff89b535d91b6769ceb0417e708d44760aa5e7309186cfd5b10611beb5dcb7192d557654922c7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/graceful-fs@4.2.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-graceful-fs#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-graceful-fs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/node-graceful-fs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/source-map@0.6.1",
+ "name": "source-map",
+ "version": "0.6.1",
+ "description": "Generates and consumes source maps",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "52381aa6e99695b3219018334fb624739617513e3a17488abbc4865ead1b7303f9773fe1d0f963e9e9c9aa3cf565bab697959aa989eb55bc16396332177178ee"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/source-map@0.6.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mozilla/source-map"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mozilla/source-map/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/mozilla/source-map.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/slash@2.0.0",
+ "name": "slash",
+ "version": "2.0.0",
+ "description": "Convert Windows backslash paths to slash paths",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6582a1dd6876cf53e91175abd0ca52059d15ea66470107d87afb6d3b5d5ce7509a5a319369a762299fb056dd4f6cc943579aa1305b25a5909e9a1c0e2bb0bcf4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/slash@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/slash#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/slash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/slash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/reporters@24.9.0",
+ "group": "@jest",
+ "name": "reporters",
+ "version": "24.9.0",
+ "description": "Jest's reporters",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9aee17d328da1eb7df3ac5a654bce2b4a9a6996490dc61ae79f80db1c51258d89435c10e484424f64de911128441505bd029e7f3cf9411222c644307de8f3c1b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/reporters@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jestjs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/environment@24.9.0",
+ "group": "@jest",
+ "name": "environment",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e40d5096e4cf86f7483c56273b7b190b7b2690d7973d510bcfb8a43db8548f46d08c1d3b12813daad2eb7a6d786546167556b261bb235702222f858120c57869"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/environment@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/fake-timers@24.9.0",
+ "group": "@jest",
+ "name": "fake-timers",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "79641c35ad984b0cd7588302e4ab9f061de85912228eb40544eb08aadeaffcd4bd228fe0927c358ec002f5cfa287f4505f80373bb49e58085078dd20a0a853f4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/fake-timers@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/types@24.9.0",
+ "group": "@jest",
+ "name": "types",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5ca2bbcded5aa6ee49590e5e6631c84cfeba017f90b0b95b689441198afca4dcf07001362559309dfd32aa31d3b0345c8d1d26ba3cbf36664c5f0e6497e90607"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/types@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/istanbul-lib-coverage@2.0.3",
+ "group": "@types",
+ "name": "istanbul-lib-coverage",
+ "version": "2.0.3",
+ "description": "TypeScript definitions for istanbul-lib-coverage",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b33ee22eabd5520d6021e7413af964c4f95cf3fb95cf24b93b01b3d5c2a35f3925dc5a4bdda97472b53c6065355a81e4c67d16c5bc39b728ba86fcc928dcc5b3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/istanbul-lib-coverage@2.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/istanbul-reports@1.1.2",
+ "group": "@types",
+ "name": "istanbul-reports",
+ "version": "1.1.2",
+ "description": "TypeScript definitions for istanbul-reports",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3ff5bdc8e5ffde83d94a96983824331aa8024115e7d0514efd5f1b5ab090b3ec0b9af555c64e824415c02c4bcdb3d38721ab659e516891f86e0e8dae834d5c8b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/istanbul-reports@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/istanbul-lib-report@3.0.0",
+ "group": "@types",
+ "name": "istanbul-lib-report",
+ "version": "3.0.0",
+ "description": "TypeScript definitions for istanbul-lib-report",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a651a05c03df54a16861f6bd369603024b1e1be83a26bdbde11a9ea9ca838b149b537e0c6552518bf3feed8f060e9ce41302da19964ea4a20499e55936d2acae"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/istanbul-lib-report@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/yargs@13.0.9",
+ "group": "@types",
+ "name": "yargs",
+ "version": "13.0.9",
+ "description": "TypeScript definitions for yargs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c6bbe16780d97b03038681f5bad2ed380c18432eb47981685de8dedf44f333754ebd0941c10684a4a16ae66df8935c0ec3600a222da9c2d8808dd9a1be5054ce"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/yargs@13.0.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/yargs-parser@15.0.0",
+ "group": "@types",
+ "name": "yargs-parser",
+ "version": "15.0.0",
+ "description": "TypeScript definitions for yargs-parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "140fc15aff2df19589fa010e9cb2ddf328311ffd9415b02f804a27c9f37ac9618b29cef35636e99766380938e277d87645f80f3fa484b7ab87c043a9972d34cb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/yargs-parser@15.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-message-util@24.9.0",
+ "name": "jest-message-util",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a028fc1626775348533f8692ba2f3b3f82f88c2dfb06d43050caa4fb393f6f5d45475f41243799b1902f207bad5a79adc3bafce54991dc21166741d653698097"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-message-util@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/code-frame@7.10.4",
+ "group": "@babel",
+ "name": "code-frame",
+ "version": "7.10.4",
+ "description": "Generate errors that contain a code frame that point to source locations.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bc6e92bc1ea860486f822b193454664425242f3d7573bae9fad6cd4f29c6a9cea64b577901377fb06c95e96d0a6599d744a313cd90d18104f73aef6386901f52"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/code-frame@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/highlight@7.10.4",
+ "group": "@babel",
+ "name": "highlight",
+ "version": "7.10.4",
+ "description": "Syntax highlight JavaScript strings for output in terminals.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8baae09d1fd880f110cd96676d31c7b9976513cab2a0135a943e85faae2f00595c30472a9a4a06fa63ea258242a3adea3dfef8f98d5466c97797a7fbfd122498"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/highlight@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-validator-identifier@7.10.4",
+ "group": "@babel",
+ "name": "helper-validator-identifier",
+ "version": "7.10.4",
+ "description": "Validate identifier/keywords name",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dd4f72fb8de1cfb64cfabcc6db841eda6b9f5b92a1bc583f3619cda61fa2f66802b5d4c2b4c26e2354cc92b21488aec8c783d895117d239761a9a2d803f0035f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-validator-identifier@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/js-tokens@4.0.0",
+ "name": "js-tokens",
+ "version": "4.0.0",
+ "description": "A regex that tokenizes JavaScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "45d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf84737893a6a9809b627dca02b53f5b7313a9601b690f690233a49bce0e026aeb16fcf29"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/js-tokens@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lydell/js-tokens#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lydell/js-tokens/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lydell/js-tokens.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/test-result@24.9.0",
+ "group": "@jest",
+ "name": "test-result",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5c416b1db0689c127c746a7626617c90ffe7408fc898fa7280a1f043f498f9eb39f59dcbe4f23841bf5341030011e62c4e11b5c45d24ead986d2d20a01336288"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/test-result@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/stack-utils@1.0.1",
+ "group": "@types",
+ "name": "stack-utils",
+ "version": "1.0.1",
+ "description": "TypeScript definitions for stack-utils",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "978d81820a6947accb9a97d4e9fabd1c46b6a063c423ccab48f2f71884e37d1227a696056a139b6c840e40add41b1127c90a65b592da3deef9d38e8d39942293"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/stack-utils@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/micromatch@3.1.10",
+ "name": "micromatch",
+ "version": "3.1.10",
+ "description": "Glob matching for javascript/node.js. A drop-in replacement and faster alternative to minimatch and multimatch.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3168a4825f67f4cdf0f9ba6c6371def0bfb0f5e17ddf7f31465f0800ee6f8838b3c12cf3885132533a36c6bae5a01eb80036d37fcb80f2f46aaadb434ce99c72"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/micromatch@3.1.10",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/micromatch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/micromatch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/micromatch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/arr-diff@4.0.0",
+ "name": "arr-diff",
+ "version": "4.0.0",
+ "description": "Returns an array with only the unique values from the first array, by excluding all values from additional arrays using strict equality for comparisons.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d6461074febfec71e7e15235761a329a5dc7c520"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/arr-diff@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/arr-diff"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/arr-diff/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/arr-diff.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/array-unique@0.3.2",
+ "name": "array-unique",
+ "version": "0.3.2",
+ "description": "Remove duplicate values from an array. Fastest ES5 implementation.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a894b75d4bc4f6cd679ef3244a9fd8f46ae2d428"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/array-unique@0.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/array-unique"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/array-unique/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/array-unique.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/braces@2.3.2",
+ "name": "braces",
+ "version": "2.3.2",
+ "description": "Bash-like brace expansion, implemented in JavaScript. Safer than other brace expansion libs, with complete support for the Bash 4.3 braces specification, without sacrificing speed.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "68d75b9e3f4ff0f8dd5d4e326da58b2b6205de373f1280d86c2ec06b35bab68dd346c7d7c6c702f545ce07988388442b93221b5a9d922d075ae3e4006bb9dcdf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/braces@2.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/braces"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/braces/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/braces.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/arr-flatten@1.1.0",
+ "name": "arr-flatten",
+ "version": "1.1.0",
+ "description": "Recursively flatten an array or arrays.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f784a57947fa79a3cd51eced362069f0a439a4a7a13df365e1b5bbb049edcee2a3ad30c32da1d89c0120350a7cb653e6825dc3699a5fa6e1d3ecbec2778dab6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/arr-flatten@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/arr-flatten"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/arr-flatten/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/arr-flatten.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/extend-shallow@2.0.1",
+ "name": "extend-shallow",
+ "version": "2.0.1",
+ "description": "Extend an object with the properties of additional objects. node.js/javascript util.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/extend-shallow@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/extend-shallow"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/extend-shallow/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/extend-shallow.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-extendable@0.1.1",
+ "name": "is-extendable",
+ "version": "0.1.1",
+ "description": "Returns true if a value is any of the object types: array, regexp, plain object, function or date. This is useful for determining if a value can be extended, e.g. \"can the value have keys?\"",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "62b110e289a471418e3ec36a617d472e301dfc89"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-extendable@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-extendable"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-extendable/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-extendable.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fill-range@4.0.0",
+ "name": "fill-range",
+ "version": "4.0.0",
+ "description": "Fill in a range of numbers or letters, optionally passing an increment or `step` to use, or create a regex-compatible range with `options.toRegex`",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d544811d428f98eb06a63dc402d2403c328c38f7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fill-range@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/fill-range"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/fill-range/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/fill-range.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-number@3.0.0",
+ "name": "is-number",
+ "version": "3.0.0",
+ "description": "Returns true if the value is a number. comprehensive tests.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "24fd6201a4782cf50561c810276afc7d12d71195"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-number@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-number"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-number/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-number.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/kind-of@3.2.2",
+ "name": "kind-of",
+ "version": "3.2.2",
+ "description": "Get the native type of a value.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "31ea21a734bab9bbb0f32466d893aea51e4a3c64"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/kind-of@3.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/kind-of"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/kind-of/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/kind-of.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-buffer@1.1.6",
+ "name": "is-buffer",
+ "version": "1.1.6",
+ "description": "Determine if an object is a Buffer",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "35c7402f0a579139b966fbdb93ba303944af56f04a0e028fe7f7b07d71339e64057ece194666a739e2814e34558e46b7405a0de9727ef45dd44aa7c7a93694e7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-buffer@1.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/feross/is-buffer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/feross/is-buffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/feross/is-buffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/repeat-string@1.6.1",
+ "name": "repeat-string",
+ "version": "1.6.1",
+ "description": "Repeat the given string n times. Fastest implementation for repeating a string.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8dcae470e1c88abc2d600fff4a776286da75e637"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/repeat-string@1.6.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/repeat-string"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/repeat-string/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/repeat-string.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/to-regex-range@2.1.1",
+ "name": "to-regex-range",
+ "version": "2.1.1",
+ "description": "Pass two numbers, get a regex-compatible source string for matching ranges. Validated against more than 2.78 million test assertions.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7c80c17b9dfebe599e27367e0d4dd5590141db38"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/to-regex-range@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/to-regex-range"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/to-regex-range/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/to-regex-range.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isobject@3.0.1",
+ "name": "isobject",
+ "version": "3.0.1",
+ "description": "Returns true if the value is an object and not an array or null.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4e431e92b11a9731636aa1f9c8d1ccbcfdab78df"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isobject@3.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/isobject"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/isobject/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/isobject.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/repeat-element@1.1.3",
+ "name": "repeat-element",
+ "version": "1.1.3",
+ "description": "Create an array by repeating the given value n times.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6a11aad199d5e66e57b592cc6febcfefa91c00ce6790baa4d25a6a02ea2348a1a042d9f87918b86591a6da8968db32851feb0cb166aa3825b576a0273abbbbda"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/repeat-element@1.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/repeat-element"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/repeat-element/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/repeat-element.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/snapdragon@0.8.2",
+ "name": "snapdragon",
+ "version": "0.8.2",
+ "description": "Fast, pluggable and easy-to-use parser-renderer factory.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "16dc8e9d637fc021d355738cc2f4afdba77e928e6f5a52030face8509ecb5bcbe1f99042f107658ef7913fe72b36bb41c22a04516cbfe1d32d6c18c0e22a0d96"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/snapdragon@0.8.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/snapdragon"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/snapdragon/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/snapdragon.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/base@0.11.2",
+ "name": "base",
+ "version": "0.11.2",
+ "description": "base is the foundation for creating modular, unit testable and highly pluggable node.js applications, starting with a handful of common methods, like `set`, `get`, `del` and `use`.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e53e8fe313e0a69d180c5bd25b0119e0da04dda3384014170f39956eb6829058fccc733e99b6bc4b2a81e436d95b247b9981e8e98ec1750a373280389b44de42"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/base@0.11.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/node-base/base"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/node-base/base/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/node-base/base.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cache-base@1.0.1",
+ "name": "cache-base",
+ "version": "1.0.1",
+ "description": "Basic object cache with `get`, `set`, `del`, and `has` methods for node.js/javascript projects.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "00a71d4e71525804dde7f1823d1c6bd82870209f3909ecab1328d11e52b1439e9de1724c1b29b4b8088a9f4c5b2ce18e977fb24693938b8f38755084739014cd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cache-base@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/cache-base"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/cache-base/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/cache-base.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/collection-visit@1.0.0",
+ "name": "collection-visit",
+ "version": "1.0.0",
+ "description": "Visit a method over the items in an object, or map visit over the objects in an array.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4bc0373c164bc3291b4d368c829cf1a80a59dca0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/collection-visit@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/collection-visit"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/collection-visit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/collection-visit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/map-visit@1.0.0",
+ "name": "map-visit",
+ "version": "1.0.0",
+ "description": "Map `visit` over an array of objects.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ecdca8f13144e660f1b5bd41f12f3479d98dfb8f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/map-visit@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/map-visit"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/map-visit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/map-visit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object-visit@1.0.1",
+ "name": "object-visit",
+ "version": "1.0.1",
+ "description": "Call a specified method on each value in the given object.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f79c4493af0c5377b59fe39d395e41042dd045bb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object-visit@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/object-visit"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/object-visit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/object-visit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/component-emitter@1.3.0",
+ "name": "component-emitter",
+ "version": "1.3.0",
+ "description": "Event emitter",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "45ddec7ba401fac3b54f0a998ec710aeeae910f21f3b4ff26274a29fa43fac3de63aeb47bd4ac202126e6f7afdd2e35bf9211206e134418a01f7461d7dab6c46"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/component-emitter@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/component/emitter#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/component/emitter/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/component/emitter.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-value@2.0.6",
+ "name": "get-value",
+ "version": "2.0.6",
+ "description": "Use property paths (`a.b.c`) to get a nested value from an object.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "dc15ca1c672387ca76bd37ac0a395ba2042a2c28"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-value@2.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/get-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/get-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/get-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-value@1.0.0",
+ "name": "has-value",
+ "version": "1.0.0",
+ "description": "Returns true if a value exists, false if empty. Works with deeply nested values using object paths.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "18b281da585b1c5c51def24c930ed29a0be6b177"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-value@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/has-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/has-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/has-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-values@1.0.0",
+ "name": "has-values",
+ "version": "1.0.0",
+ "description": "Returns true if any values exist, false if empty. Works for booleans, functions, numbers, strings, nulls, objects and arrays. ",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "95b0b63fec2146619a6fe57fe75628d5a39efe4f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-values@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/has-values"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/has-values/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/has-values.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/kind-of@4.0.0",
+ "name": "kind-of",
+ "version": "4.0.0",
+ "description": "Get the native type of a value.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "20813df3d712928b207378691a45066fae72dd57"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/kind-of@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/kind-of"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/kind-of/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/kind-of.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/set-value@2.0.1",
+ "name": "set-value",
+ "version": "2.0.1",
+ "description": "Create nested values and any intermediaries using dot notation (`'a.b.c'`) paths.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2711dcd7078237af30458d1f842a17a722b9e66fd73c769f3a62b85160fb9b6088d7818c705ca9b78c3fd3e355e5ffd931bcb617a4b6c3003b7e0ca787d8164b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/set-value@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/set-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/set-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/set-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-plain-object@2.0.4",
+ "name": "is-plain-object",
+ "version": "2.0.4",
+ "description": "Returns true if an object was created by the `Object` constructor.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8793e98179168ad737f0104c61ac1360c5891c564956706ab85139ef11698c1f29245885ea067e6d4f96c88ff2a9788547999d2ec81835a3def2e6a8e94bfd3a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-plain-object@2.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-plain-object"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-plain-object/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-plain-object.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/split-string@3.1.0",
+ "name": "split-string",
+ "version": "3.1.0",
+ "description": "Split a string on a character except when the character is escaped.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3733558490d8a7071e5558a2f3f1eee8329f0f61be36b407952fd5fea82fefadc462e755c0470c40dc5dda587ed15ad40725cdfe826497982b3a1616bd05188b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/split-string@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/split-string"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/split-string/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/split-string.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/extend-shallow@3.0.2",
+ "name": "extend-shallow",
+ "version": "3.0.2",
+ "description": "Extend an object with the properties of additional objects. node.js/javascript util.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "26a71aaf073b39fb2127172746131c2704028db8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/extend-shallow@3.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/extend-shallow"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/extend-shallow/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/extend-shallow.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/assign-symbols@1.0.0",
+ "name": "assign-symbols",
+ "version": "1.0.0",
+ "description": "Assign the enumerable es6 Symbol properties from an object (or objects) to the first object passed on the arguments. Can be used as a supplement to other extend, assign or merge methods as a polyfill for the Symbols part of the es6 Object.assign method.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/assign-symbols@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/assign-symbols"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/assign-symbols/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/assign-symbols.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-extendable@1.0.1",
+ "name": "is-extendable",
+ "version": "1.0.1",
+ "description": "Returns true if a value is a plain object, array or function.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6ab9d73314f5861a0aa3d9352d976694dc897430dfcb6bf47d78c5966a24e3e8bcba5ffa5a56d581ef5b84cef83a934f40f306513a03b73f8a5dad4f9de27138"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-extendable@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-extendable"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-extendable/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-extendable.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/to-object-path@0.3.0",
+ "name": "to-object-path",
+ "version": "0.3.0",
+ "description": "Create an object path from a list or array of strings.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "297588b7b0e7e0ac08e04e672f85c1f4999e17af"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/to-object-path@0.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/to-object-path"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/to-object-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/to-object-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/union-value@1.0.1",
+ "name": "union-value",
+ "version": "1.0.1",
+ "description": "Set an array of unique values as the property of an object. Supports setting deeply nested properties using using object-paths/dot notation.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b497d79b131e5989dccc256ced7004bc857b89ea6900b7727a958c90793072246966b686ff1c13facd8937cfa9af5fbc8c245ff34145cefafe32941e7a81785e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/union-value@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/union-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/union-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/union-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/arr-union@3.1.0",
+ "name": "arr-union",
+ "version": "3.1.0",
+ "description": "Combines a list of arrays, returning a single array with unique values, using strict equality for comparisons.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e39b09aea9def866a8f206e288af63919bae39c4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/arr-union@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/arr-union"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/arr-union/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/arr-union.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unset-value@1.0.0",
+ "name": "unset-value",
+ "version": "1.0.0",
+ "description": "Delete nested properties from an object using dot notation.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8376873f7d2335179ffb1e6fc3a8ed0dfc8ab559"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unset-value@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/unset-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/unset-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/unset-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-value@0.3.1",
+ "name": "has-value",
+ "version": "0.3.1",
+ "description": "Returns true if a value exists, false if empty. Works with deeply nested values using object paths.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7b1f58bada62ca827ec0a2078025654845995e1f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-value@0.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/has-value"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/has-value/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/has-value.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-values@0.1.4",
+ "name": "has-values",
+ "version": "0.1.4",
+ "description": "Returns true if any values exist, false if empty. Works for booleans, functions, numbers, strings, nulls, objects and arrays. ",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6d61de95d91dfca9b9a02089ad384bff8f62b771"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-values@0.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/has-values"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/has-values/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/has-values.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isobject@2.1.0",
+ "name": "isobject",
+ "version": "2.1.0",
+ "description": "Returns true if the value is an object and not an array or null.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f065561096a3f1da2ef46272f815c840d87e0c89"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isobject@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/isobject"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/isobject/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/isobject.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/class-utils@0.3.6",
+ "name": "class-utils",
+ "version": "0.3.6",
+ "description": "Utils for working with JavaScript classes and prototype methods.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a8e84f6bf163eece9363c1fc7ac1aee5036930c431cfbf61faeaf3acd60dea69fef419f194319fe5067e5de083b314a33eab12479e973993899a97aeae72cc7a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/class-utils@0.3.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/class-utils"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/class-utils/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/class-utils.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/define-property@0.2.5",
+ "name": "define-property",
+ "version": "0.2.5",
+ "description": "Define a non-enumerable property on an object.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c35b1ef918ec3c990f9a5bc57be04aacec5c8116"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/define-property@0.2.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/define-property"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/define-property/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/define-property.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-descriptor@0.1.6",
+ "name": "is-descriptor",
+ "version": "0.1.6",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for data descriptors and accessor descriptors.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6af0d8af4481dc3c0ef73b0ca2fd20282112158a829c4e21abfe33dd375496e904cb9b7d0b4611abb1cbaec379d8d01ca9729a7a97820f49fe0746ab9d51b71e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-descriptor@0.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-accessor-descriptor@0.1.6",
+ "name": "is-accessor-descriptor",
+ "version": "0.1.6",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript accessor descriptor.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a9e12cb3ae8d876727eeef3843f8a0897b5c98d6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-accessor-descriptor@0.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-accessor-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-accessor-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-accessor-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-data-descriptor@0.1.4",
+ "name": "is-data-descriptor",
+ "version": "0.1.4",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript data descriptor.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0b5ee648388e2c860282e793f1856fec3f301b56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-data-descriptor@0.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-data-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-data-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-data-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/kind-of@5.1.0",
+ "name": "kind-of",
+ "version": "5.1.0",
+ "description": "Get the native type of a value.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "346104ae71fa176bd4b970e1f8e95b70a5bbff039c7dd447699ed55ada82ced7c7ae2ffef982a63f9d4e7567863eea8239b6ba924d8e4dee5dd365664c1f343f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/kind-of@5.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/kind-of"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/kind-of/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/kind-of.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/static-extend@0.1.2",
+ "name": "static-extend",
+ "version": "0.1.2",
+ "description": "Adds a static `extend` method to a class, to simplify inheritance. Extends the static properties, prototype properties, and descriptors from a `Parent` constructor onto `Child` constructors.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "60809c39cbff55337226fd5e0b520f341f1fb5c6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/static-extend@0.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/static-extend"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/static-extend/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/static-extend.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object-copy@0.1.0",
+ "name": "object-copy",
+ "version": "0.1.0",
+ "description": "Copy static properties, prototype properties, and descriptors from one object to another.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "7e7d858b781bd7c991a41ba975ed3812754e998c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object-copy@0.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/object-copy"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/object-copy/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/object-copy.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/copy-descriptor@0.1.1",
+ "name": "copy-descriptor",
+ "version": "0.1.1",
+ "description": "Copy a descriptor from object A to object B",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "676f6eb3c39997c2ee1ac3a924fd6124748f578d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/copy-descriptor@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/copy-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/copy-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/copy-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/define-property@1.0.0",
+ "name": "define-property",
+ "version": "1.0.0",
+ "description": "Define a non-enumerable property on an object.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "769ebaaf3f4a63aad3af9e8d304c9bbe79bfb0e6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/define-property@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/define-property"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/define-property/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/define-property.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-descriptor@1.0.2",
+ "name": "is-descriptor",
+ "version": "1.0.2",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for data descriptors and accessor descriptors.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d9e8ace56a90195ee97a8a03c8b98d10f52ba6cf7e4975f973da4bdf1101fb87bd1e71ae0daee607b907c47c3809ba92f64d53da1387de688bf27f16b62615b6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-descriptor@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-accessor-descriptor@1.0.0",
+ "name": "is-accessor-descriptor",
+ "version": "1.0.0",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript accessor descriptor.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9b98671d391c56c3dfab1dc02a5cadb483dbec9f97ca41ef24fd81f5b6438e584b22812ae17a0aeb8560edba199555982ba2d463de1d60f104ecb87466464a71"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-accessor-descriptor@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-accessor-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-accessor-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-accessor-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/kind-of@6.0.3",
+ "name": "kind-of",
+ "version": "6.0.3",
+ "description": "Get the native type of a value.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "75c4b5ba5fbdb66783f794fec76f3f7a12e077d98435adcbb2f0d3b739b7bf20443bb44fa6dbc00feb78e165576948d305172ba45785942f160abb94478e7a87"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/kind-of@6.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/kind-of"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/kind-of/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/kind-of.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-data-descriptor@1.0.0",
+ "name": "is-data-descriptor",
+ "version": "1.0.0",
+ "description": "Returns true if a value has the characteristics of a valid JavaScript data descriptor.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8db457cb5166b40a028d0915988558c2ebaa0c551b68e7838e679dd6d3863ebb0c86d240e2b0fdb64800d05d6a2778111515dc1d856475e68fe74439ac4fe32d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-data-descriptor@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-data-descriptor"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-data-descriptor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-data-descriptor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mixin-deep@1.3.2",
+ "name": "mixin-deep",
+ "version": "1.3.2",
+ "description": "Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "591a039fffe65c1889d47e34aea6b7bc7d2da1e3f04ac19be398889d6953c926be52ee24ded6144b16b6bf52aa0222edbe5ad2cda131a92d60b64f7a03dcef10"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mixin-deep@1.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/mixin-deep"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/mixin-deep/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/mixin-deep.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/for-in@1.0.2",
+ "name": "for-in",
+ "version": "1.0.2",
+ "description": "Iterate over the own and inherited enumerable properties of an object, and return an object with properties that evaluate to true from the callback. Exit early by returning `false`. JavaScript/Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "81068d295a8142ec0ac726c6e2200c30fb6d5e80"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/for-in@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/for-in"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/for-in/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/for-in.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pascalcase@0.1.1",
+ "name": "pascalcase",
+ "version": "0.1.1",
+ "description": "Convert a string to pascal-case.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b363e55e8006ca6fe21784d2db22bd15d7917f14"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pascalcase@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/pascalcase"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/pascalcase/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/pascalcase.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/map-cache@0.2.2",
+ "name": "map-cache",
+ "version": "0.2.2",
+ "description": "Basic cache object for storing key-value pairs.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c32abd0bd6525d9b051645bb4f26ac5dc98a0dbf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/map-cache@0.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/map-cache"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/map-cache/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/map-cache.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/source-map@0.5.7",
+ "name": "source-map",
+ "version": "0.5.7",
+ "description": "Generates and consumes source maps",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8a039d2d1021d22d1ea14c80d8ea468ba2ef3fcc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/source-map@0.5.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mozilla/source-map"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mozilla/source-map/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/mozilla/source-map.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/source-map-resolve@0.5.3",
+ "name": "source-map-resolve",
+ "version": "0.5.3",
+ "description": "Resolve the source map and/or sources for a generated file.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1edcfe467b175a4e7e3f6b25c79261dd0ebabe1423d429659b4cef9da63df3e345c7e0efd8217f7f93bfb7cc7e29a35dadd200b2bb8dce887f2a989a95ba809f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/source-map-resolve@0.5.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lydell/source-map-resolve#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lydell/source-map-resolve/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lydell/source-map-resolve.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/atob@2.1.2",
+ "name": "atob",
+ "version": "2.1.2",
+ "description": "atob for Node.JS and Linux / Mac / Windows CLI (it's a one-liner)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5a6eae92868e1898bfef7a7f725d86bcb8d323924cd64fced788ac0fbdd830bf12b6b1ffeff9511609a0f272026600f76d966f8f0086c6d30e0f7c16340bbc72"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "(MIT OR Apache-2.0)"
+ }
+ }
+ ],
+ "purl": "pkg:npm/atob@2.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://git.coolaj86.com/coolaj86/atob.js.git"
+ },
+ {
+ "type": "vcs",
+ "url": "git://git.coolaj86.com/coolaj86/atob.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve-url@0.2.1",
+ "name": "resolve-url",
+ "version": "0.2.1",
+ "description": "Like Node.js’ `path.resolve`/`url.resolve` for the browser.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2c637fe77c893afd2a663fe21aa9080068e2052a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve-url@0.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lydell/resolve-url#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lydell/resolve-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lydell/resolve-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/source-map-url@0.4.0",
+ "name": "source-map-url",
+ "version": "0.4.0",
+ "description": "Tools for working with sourceMappingURL comments.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3e935d7ddd73631b97659956d55128e87b5084a3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/source-map-url@0.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lydell/source-map-url#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lydell/source-map-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lydell/source-map-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/urix@0.1.0",
+ "name": "urix",
+ "version": "0.1.0",
+ "description": "Makes Windows-style paths more unix and URI friendly.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "da937f7a62e21fec1fd18d49b35c2935067a6c72"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/urix@0.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lydell/urix#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lydell/urix/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lydell/urix.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/use@3.1.1",
+ "name": "use",
+ "version": "3.1.1",
+ "description": "Easily add plugin support to your node.js application.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "73011255794edeeae5f585a5156fd303d72c842121b6eec8289fe9e6ca09fe01a98fbbdbbc5ac063f7888a843a0f0db72a3661620888a3c1ceb359d0dafaffa1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/use@3.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/use"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/use/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/use.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/snapdragon-node@2.1.1",
+ "name": "snapdragon-node",
+ "version": "2.1.1",
+ "description": "Snapdragon utility for creating a new AST node in custom code, such as plugins.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3b6ee5e3168c62dfd1490e53477be9582001e4a6ff73321ca9414e33f0b87d870b9db6547353e48d300c8e87f6a4159a493c0e51deaa5077051951a3eda2309f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/snapdragon-node@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/snapdragon-node"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/snapdragon-node/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/snapdragon-node.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/snapdragon-util@3.0.1",
+ "name": "snapdragon-util",
+ "version": "3.0.1",
+ "description": "Utilities for the snapdragon parser/compiler.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "99b2a431d40ab235f80402f86d16138f6d5e74e7fc70ded71dd6142447be667f7d85511870cbca3dcb7522a35eefe0193e2ae7f01083390047419927aa62a565"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/snapdragon-util@3.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/snapdragon-util"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/snapdragon-util/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/snapdragon-util.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/to-regex@3.0.2",
+ "name": "to-regex",
+ "version": "3.0.2",
+ "description": "Generate a regex from a string or array of strings.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "156b6578d02d67f2a2daab6a7a3d825d339ac8e1fd6c70d017e438f15a56c835e36d8c40e18cfc883077d735ce05494e1c72a27436ea195ad352f40c3e604607"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/to-regex@3.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/to-regex"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/to-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/to-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/define-property@2.0.2",
+ "name": "define-property",
+ "version": "2.0.2",
+ "description": "Define a non-enumerable property on an object. Uses Reflect.defineProperty when available, otherwise Object.defineProperty.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8f02b6515e1c9cfa5b706efe55101129364f516a30c1703c6f31f934feae774a1e031c983ee1995000bb84cba0a42773e01792665d8397d93ae821c9ff8e9961"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/define-property@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/define-property"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/define-property/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/define-property.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regex-not@1.0.2",
+ "name": "regex-not",
+ "version": "1.0.2",
+ "description": "Create a javascript regular expression for matching everything except for the given string.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "27a4838d4803c508f936eb273ad745c43c0dffe1d6ca447c1842f072d27b99daa1732cb5c44738491147517bf14e9ebad586952808df44b67d702a92ead9f7d8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regex-not@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/regex-not"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/regex-not/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/regex-not.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/safe-regex@1.1.0",
+ "name": "safe-regex",
+ "version": "1.1.0",
+ "description": "detect possibly catastrophic, exponential-time regular expressions",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "40a3669f3b077d1e943d44629e157dd48023bf2e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/safe-regex@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/safe-regex"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/safe-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/substack/safe-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ret@0.1.15",
+ "name": "ret",
+ "version": "0.1.15",
+ "description": "Tokenizes a string that represents a regular expression.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4d3958a5af8e2febcc30d1b6e314a5406109dc1fd1cc47d494b72dedbe46ff2b5abfec0fae9942a55305bb0cd76e479c26b6fa218a358856f44bdbf7efbe789a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ret@0.1.15",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/fent/ret.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/fent/ret.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/fent/ret.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/extglob@2.0.4",
+ "name": "extglob",
+ "version": "2.0.4",
+ "description": "Extended glob support for JavaScript. Adds (almost) the expressive power of regular expressions to glob patterns.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3666fa4179042ecb81af6e02252922968e941c781b7a42b95226607c4e941c3dc46f6ed80baa03f9b85c4feb49e9c97c766b20750c675a572bcbc92c04804ba7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/extglob@2.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/extglob"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/extglob/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/extglob.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/expand-brackets@2.1.4",
+ "name": "expand-brackets",
+ "version": "2.1.4",
+ "description": "Expand POSIX bracket expressions (character classes) in glob patterns.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b77735e315ce30f6b6eff0f83b04151a22449622"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/expand-brackets@2.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/expand-brackets"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/expand-brackets/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/expand-brackets.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/posix-character-classes@0.1.1",
+ "name": "posix-character-classes",
+ "version": "0.1.1",
+ "description": "POSIX character classes for creating regular expressions.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "01eac0fe3b5af71a2a6c02feabb8c1fef7e00eab"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/posix-character-classes@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/posix-character-classes"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/posix-character-classes/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/posix-character-classes.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fragment-cache@0.2.1",
+ "name": "fragment-cache",
+ "version": "0.2.1",
+ "description": "A cache for managing namespaced sub-caches",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4290fad27f13e89be7f33799c6bc5a0abfff0d19"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fragment-cache@0.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/fragment-cache"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/fragment-cache/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/fragment-cache.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/nanomatch@1.2.13",
+ "name": "nanomatch",
+ "version": "1.2.13",
+ "description": "Fast, minimal glob matcher for node.js. Similar to micromatch, minimatch and multimatch, but complete Bash 4.3 wildcard support only (no support for exglobs, posix brackets or braces)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7e9a1ed93d116c7c014c150e7ed01f04f683122d3ab9f6946a2d2613a627d6469c7374a74c4adf6ff87e5fde155f323ae2b2851d82265d2bddc061829b03aa08"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/nanomatch@1.2.13",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/nanomatch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/nanomatch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/nanomatch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-windows@1.0.2",
+ "name": "is-windows",
+ "version": "1.0.2",
+ "description": "Returns true if the platform is windows. UMD module, works with node.js, commonjs, browser, AMD, electron, etc.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7972b55089ead9b3e68f25fa7b754723330ba1b73827de22e005a7f87a6adce5392a4ad10bde8e01c4773d127fa46bba9bc4d19c11cff5d917415b13fc239520"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-windows@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/is-windows"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/is-windows/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/is-windows.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object.pick@1.3.0",
+ "name": "object.pick",
+ "version": "1.3.0",
+ "description": "Returns a filtered copy of an object with only the specified keys, similar to `_.pick` from lodash / underscore.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "87a10ac4c1694bd2e1cbf53591a66141fb5dd747"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object.pick@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/object.pick"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/object.pick/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/object.pick.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/stack-utils@1.0.2",
+ "name": "stack-utils",
+ "version": "1.0.2",
+ "description": "Captures and cleans stack traces",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3135fe31e1b953df7871ace48ddffd28d01aa6c1e789b8cc2e77d7a1d9645f0efa24479ad1488dcebaa2773a357a633093bc3942173d8dde019fd4c16f5305c0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/stack-utils@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tapjs/stack-utils#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tapjs/stack-utils/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tapjs/stack-utils.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-mock@24.9.0",
+ "name": "jest-mock",
+ "version": "24.9.0",
+ "description": "## API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dc111837959b4aaf7077e4b22c3112ec01e78c7f40fd1381c26cfb976cbea25f8db5214ef03622101ce83b509e15cf5af03632d7410ee1d0c556fff0377ce5d7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-mock@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/transform@24.9.0",
+ "group": "@jest",
+ "name": "transform",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4dc4149b2351c55f784b442930e9d9974fbee91322aa96c7fd931c70507f6a692ee94c2fc9bd5c8d85fbc64a799c63646d7e103c7fc5701eaad470531f29cb99"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/transform@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/core@7.10.5",
+ "group": "@babel",
+ "name": "core",
+ "version": "7.10.5",
+ "description": "Babel compiler core.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3b7e0b428a185435cf97b41609d5bda78351f909733abef14a13cf273f06b2e094dfff2e6bfc2a4ebee09a7c57bfe58111288653f1b9b35ea2ead52f1e435bfb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/core@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/generator@7.10.5",
+ "group": "@babel",
+ "name": "generator",
+ "version": "7.10.5",
+ "description": "Turns an AST into code.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "def5f1af71445bb13b949662590ddb338faffd5cabf42fa1a68950f01185afd63c462dad14b5938b19b028169f0ee8ced5655a8787e1641794d5b89e29d8218a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/generator@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/types@7.10.5",
+ "group": "@babel",
+ "name": "types",
+ "version": "7.10.5",
+ "description": "Babel Types is a Lodash-esque utility library for AST nodes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8b157ae8a59f088e862a803fd87f6fe9b41d6df5c4c30a4e750f1c46f6f817e7b2be195a1f1585310078fb777d40525766c8a28aa56b7b0355d03144429c93e1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/types@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/to-fast-properties@2.0.0",
+ "name": "to-fast-properties",
+ "version": "2.0.0",
+ "description": "Force V8 to use fast properties for an object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "dc5e698cbd079265bc73e0377681a4e4e83f616e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/to-fast-properties@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/to-fast-properties#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/to-fast-properties/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/to-fast-properties.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsesc@2.5.2",
+ "name": "jsesc",
+ "version": "2.5.2",
+ "description": "Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "398bbb5c4ce39024370b93ecdd0219b107cda6aa09c99640f7dc1df5a59dd39342b42e6958e91284ada690be875d047afc2cb695b35d3e5641a6e4075c4eb780"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jsesc@2.5.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://mths.be/jsesc"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/jsesc/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/jsesc.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-module-transforms@7.10.5",
+ "group": "@babel",
+ "name": "helper-module-transforms",
+ "version": "7.10.5",
+ "description": "Babel helper functions for implementing ES6 module transformations",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e0ff8258c27afe3d56f75e484c969491a74b39b982451482db7e2e72d25f9ffbc7aec2cdc6c47c77095c5eff598495b397bedac1ffa659749910ab79b743a794"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-module-transforms@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-module-imports@7.10.4",
+ "group": "@babel",
+ "name": "helper-module-imports",
+ "version": "7.10.4",
+ "description": "Babel helper functions for inserting module loads",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9c44091ea61abc8db5ee80fdface4c501ce4eb1d4896fa12f564cf7e01b8dc26cc11e4ad134bfeafe4ee716771f0a146a303c6bf23a40d3f7eec31de7480e757"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-module-imports@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-replace-supers@7.10.4",
+ "group": "@babel",
+ "name": "helper-replace-supers",
+ "version": "7.10.4",
+ "description": "Helper function to replace supers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b0fc597c55e8704ca66137552b550d9853c137e1efe662642cfb185b0181c590316967c5bbec6aa7b6faa960f4ca336e34bd9529ce8be4cd7cb4e5d43fb354d0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-replace-supers@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-member-expression-to-functions@7.10.5",
+ "group": "@babel",
+ "name": "helper-member-expression-to-functions",
+ "version": "7.10.5",
+ "description": "Helper function to replace certain member expressions with function calls",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1e2a89a580f9f96a290972006d00c6d33c9ee57615bdc3bdc3f0c7a791ac68691151a6a62e3d9b12dbba8bcae7186a6b0211ccdea89d08c829ef51c5e1e9dd84"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-member-expression-to-functions@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-optimise-call-expression@7.10.4",
+ "group": "@babel",
+ "name": "helper-optimise-call-expression",
+ "version": "7.10.4",
+ "description": "Helper function to optimise call expression",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9f7506298e155f05d384488aae0440a153c132a7a83e01d5aa21d939a9c02421bd9d050bda92d1422ad4ce5d22a0a7251c6a46a918083a481c20968858ba7282"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-optimise-call-expression@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/traverse@7.10.5",
+ "group": "@babel",
+ "name": "traverse",
+ "version": "7.10.5",
+ "description": "The Babel Traverse module maintains the overall tree state, and is responsible for replacing, removing, and adding nodes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c9cfdfcafda05233eacd3cf4587791247da9bfb8c0f6403b9815f6b5797fc7988e13cd6e6953ee18fb5a624ef09a4c786faee643b36a23cae64f6a45e3b29829"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/traverse@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-function-name@7.10.4",
+ "group": "@babel",
+ "name": "helper-function-name",
+ "version": "7.10.4",
+ "description": "Helper function to change the property 'name' of every function",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "61d692cb3d67f20638e0498def1e38cc19fdcd0d51cb663edc64c0fb7bc7e8c8b391ed55c346960cceba14e6043f0f3ffea2a49aa39c92b1a04d86beeac71ea9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-function-name@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-get-function-arity@7.10.4",
+ "group": "@babel",
+ "name": "helper-get-function-arity",
+ "version": "7.10.4",
+ "description": "Helper function to get function arity",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "12437760307e4910e0888527360726883dfad6d8be0156cbddfdc77a77fa76aa94cabe5d32ca2b9e8d2525626e2e10e1908e6c604a608facbd901f00394d48d8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-get-function-arity@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/template@7.10.4",
+ "group": "@babel",
+ "name": "template",
+ "version": "7.10.4",
+ "description": "Generate an AST from a string template.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6428c3dbb706245501ea7982075127922debf8be6426f797f69ab54af0142a8202cba099f720fcc4ed3ce985dd621bcd8c17677a49b866768fe720bc0acff5b4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/template@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/parser@7.10.5",
+ "group": "@babel",
+ "name": "parser",
+ "version": "7.10.5",
+ "description": "A JavaScript parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c1faf2c72e1b135522bef40a4900d4e3f5fa76bfa2f1b72d8d48e3f19caddc3432ecdb4f8b32574fc339da7aa934a2fe9ead8f5bc97193866a2e3d1f0f807885"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/parser@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-split-export-declaration@7.10.4",
+ "group": "@babel",
+ "name": "helper-split-export-declaration",
+ "version": "7.10.4",
+ "description": ">",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a724814dea147dfe7a7cbe42054da15a6f537ac038afface908f43c892efbe0cf4f4c07d62d7c861ede206b89569835a3def8096e6b4bc120e54e2ecd9bb9686"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-split-export-declaration@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/debug@4.1.1",
+ "name": "debug",
+ "version": "4.1.1",
+ "description": "small debugging utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a58008cde468f09e8a3c4689d1558e8793f391bc3f45eb6ecde84633b411457e617b87cf1f1dab74a301db9e9e8490a45fe5d1426d7a7992ea2cd4bc45265767"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/debug@4.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/debug#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/debug/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/visionmedia/debug.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ms@2.1.2",
+ "name": "ms",
+ "version": "2.1.2",
+ "description": "Tiny millisecond conversion utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b0690fc7e56332d980e8c5f6ee80381411442c50996784b85ea7863970afebcb53fa36f7be4fd1c9a2963f43d32b25ad98b48cd1bf9a7544c4bdbb353c4687db"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ms@2.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zeit/ms#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zeit/ms/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zeit/ms.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/globals@11.12.0",
+ "name": "globals",
+ "version": "11.12.0",
+ "description": "Global identifiers from different JavaScript environments",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "58e069fc410652222c252a7bc1cbffcba30efa557d5289dc5aac6e15f9bc781c3358d8327c177a1b3f8878a43d8c29b28681fdf60d793374fe41a5471638b354"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/globals@11.12.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/globals#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/globals/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/globals.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-simple-access@7.10.4",
+ "group": "@babel",
+ "name": "helper-simple-access",
+ "version": "7.10.4",
+ "description": "Babel helper for ensuring that access to a given value is performed through simple accesses",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d1f332ef67a3fd512f17c50b997eb26f932d1c6e2e1f80db77a23f6870dbfc9560d1b6e2bf0b7d5a0fa1dee32f5fe41216dc2be4c788b6f6b36eb7388ed4405f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-simple-access@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helpers@7.10.4",
+ "group": "@babel",
+ "name": "helpers",
+ "version": "7.10.4",
+ "description": "Collection of helper functions used by Babel transforms.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f6817fd779438d7846c8efc7574ab27319dcf8190f994c0fda6b37d4b056968d27bde64882b8e6791ec5ef922c378b017e9851d24547c953cb7a61abe871d5c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helpers@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/convert-source-map@1.7.0",
+ "name": "convert-source-map",
+ "version": "1.7.0",
+ "description": "Converts a source-map from/to different formats and allows adding/changing properties.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e052645f3297103075b270856652cfe20a42dc920b89c0a919bcc6f5ff46eed1aa182cc44d0da158fadc8a703da14e30b5fd9b8946841f9d3ae549cc791df7a0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/convert-source-map@1.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/thlorenz/convert-source-map"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/thlorenz/convert-source-map/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/thlorenz/convert-source-map.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/gensync@1.0.0-beta.1",
+ "name": "gensync",
+ "version": "1.0.0-beta.1",
+ "description": "Allows users to use generators in order to write common functions that can be both sync or async.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "afc102e8d3b5b27807ff3743f5f8910cb75c8276dac976a1fa62e031a9d3688649a840b5319b2d9a7a31f0aa67236fdfc50c2ba793a908e6162e9e2b065e0972"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/gensync@1.0.0-beta.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json5@2.1.3",
+ "name": "json5",
+ "version": "2.1.3",
+ "description": "JSON for humans.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2973ef3a6f0af4824a14cd1b99d9fc41787bb9d0e1d60fe08a2797d0d2c268c9dbe21122545aa7a29d889935c27397b4fe81f3dcb4ea9871ad1319f985f32438"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json5@2.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://json5.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/json5/json5/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/json5/json5.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/minimist@1.2.5",
+ "name": "minimist",
+ "version": "1.2.5",
+ "description": "parse argument options",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "14cf6735462b4410042d9413df179943b7e630e060ea758d989293720b0979a2ecb4ffd43835691acaf93a15e185783a7feaad27cba267e3d4c640d67202172f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/minimist@1.2.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/minimist"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/minimist/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/substack/minimist.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve@1.17.0",
+ "name": "resolve",
+ "version": "1.17.0",
+ "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "89cfbb258895f158b6cb34061563a48990f967dcfb3b66619bd5cc693c5d244c4a6ac89e142afec9767f5a65ec7241e22a5d766abd32e978970f1de6e111e7d7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve@1.17.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/browserify/resolve#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/browserify/resolve/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/browserify/resolve.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-parse@1.0.6",
+ "name": "path-parse",
+ "version": "1.0.6",
+ "description": "Node.js path.parse() ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "19298e4f611b1eb20d05ff5247b08310bc2527c004364dd09fb3a290ae2715802edceb5edbe258355be4a401109b7fd32cd109143ff16498f3cb183728158ecf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-parse@1.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jbgutierrez/path-parse#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jbgutierrez/path-parse/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jbgutierrez/path-parse.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-plugin-istanbul@5.2.0",
+ "name": "babel-plugin-istanbul",
+ "version": "5.2.0",
+ "description": "A babel plugin that adds istanbul instrumentation to ES6 code",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e4ba610b451203cb788b5cc2b636db35bea3263ffdf97e8fdfb41f8ab73fef4110df8c4a94c5be6b54471b0c4623e4b05a9370676ec7aafcc0a1b7aa697c2267"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-plugin-istanbul@5.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/istanbuljs/babel-plugin-istanbul#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/babel-plugin-istanbul/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/istanbuljs/babel-plugin-istanbul.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-plugin-utils@7.10.4",
+ "group": "@babel",
+ "name": "helper-plugin-utils",
+ "version": "7.10.4",
+ "description": "General utilities for plugins to use",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3b8282bd003a94b88c53d97679ac013cc7f5c4f3fcc4f7c1de2110c35e7484e553aa3feb7d7cf44e14dbe07133a907ecd819a8e40cbc073c5fcd5b41aebf5d56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-plugin-utils@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/istanbul-lib-instrument@3.3.0",
+ "name": "istanbul-lib-instrument",
+ "version": "3.3.0",
+ "description": "Core istanbul API for JS code coverage",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e679c8378be8e714191dd5e7a3f6035c9d06f88ddd026e178337d25533cb4298ffcc0576755e89bb2d3269fd74ff3ac9389787a0dddfada15ef9746ad9b15564"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/istanbul-lib-instrument@3.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/istanbul-lib-coverage@2.0.5",
+ "name": "istanbul-lib-coverage",
+ "version": "2.0.5",
+ "description": "Data library for istanbul coverage objects",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f1a5f39ee10f089bc69cc4917ede2e743443b5bd55de991090c308e4b23ee87b90cf9a10e09d94167d47f36ada037a89b7238b924c15a880814248e71ad9f998"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/istanbul-lib-coverage@2.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/semver@6.3.0",
+ "name": "semver",
+ "version": "6.3.0",
+ "description": "The semantic version parser used by npm.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6f7f5305a4d27d5eb206b6a953cf69e5f29e904da6fcdc270e870e56bb90152d7fbde320773b8f72738cdf833a0b0c56f231ff97111ae6b0680de530bb91c74f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/semver@6.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/node-semver#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/node-semver/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/node-semver.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/test-exclude@5.2.3",
+ "name": "test-exclude",
+ "version": "5.2.3",
+ "description": "test for inclusion or exclusion of paths using pkg-conf and globs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "33ea31b6c78214edc40ed01a187ee289e8f70819335ea14c6f3a9800009dccaba2e1e640fa9ab7b591300a1bce74d7daef1c72f017db9a025222be37702ffeda"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/test-exclude@5.2.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/glob@7.1.6",
+ "name": "glob",
+ "version": "7.1.6",
+ "description": "a little globber",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f06b1c3267bd8b93bbd920db4d36bcb05f466e2f24adadd0ed69b79f64a018e59189855b607739e5b917acc4d98f8ad1344803be3b6eac5931de292236c0c04"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/glob@7.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-glob#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-glob/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/node-glob.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fs.realpath@1.0.0",
+ "name": "fs.realpath",
+ "version": "1.0.0",
+ "description": "Use node's fs.realpath, but fall back to the JS implementation if the native one fails",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1504ad2523158caa40db4a2787cb01411994ea4f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fs.realpath@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/fs.realpath#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/fs.realpath/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/fs.realpath.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/inflight@1.0.6",
+ "name": "inflight",
+ "version": "1.0.6",
+ "description": "Add callbacks to requests in flight to avoid async duplication",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "49bd6331d7d02d0c09bc910a1075ba8165b56df9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/inflight@1.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/inflight"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/inflight/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/inflight.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/once@1.4.0",
+ "name": "once",
+ "version": "1.4.0",
+ "description": "Run a function exactly one time",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "583b1aa775961d4b113ac17d9c50baef9dd76bd1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/once@1.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/once#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/once/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/once.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/wrappy@1.0.2",
+ "name": "wrappy",
+ "version": "1.0.2",
+ "description": "Callback wrapping utility",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b5243d8f3ec1aa35f1364605bc0d1036e30ab69f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/wrappy@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/wrappy"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/wrappy/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/wrappy.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/minimatch@3.0.4",
+ "name": "minimatch",
+ "version": "3.0.4",
+ "description": "a glob matcher in javascript",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c891d5404872a8f2d44e0b7d07cdcf5eee96debc7832fbc7bd252f4e8a20a70a060ce510fb20eb4741d1a2dfb23827423bbbb8857de959fb7a91604172a87450"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/minimatch@3.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/minimatch#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/minimatch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/minimatch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/brace-expansion@1.1.11",
+ "name": "brace-expansion",
+ "version": "1.1.11",
+ "description": "Brace expansion as known from sh/bash",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "882b8f1c3160ac75fb1f6bc423fe71a73d3bcd21c1d344e9ba0aa1998b5598c3bae75f260ae44ca0e60595d101974835f3bb9fa3375a1e058a71815beb5a8688"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/brace-expansion@1.1.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/juliangruber/brace-expansion"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/juliangruber/brace-expansion/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/juliangruber/brace-expansion.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/balanced-match@1.0.0",
+ "name": "balanced-match",
+ "version": "1.0.0",
+ "description": "Match balanced character pairs, like \"{\" and \"}\"",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "89b4d199ab2bee49de164ea02b89ce462d71b767"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/balanced-match@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/juliangruber/balanced-match"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/juliangruber/balanced-match/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/juliangruber/balanced-match.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/concat-map@0.0.1",
+ "name": "concat-map",
+ "version": "0.0.1",
+ "description": "concatenative mapdashery",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8a96bd77fd68df7793a73036a3ba0d5405d477b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/concat-map@0.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/node-concat-map#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/node-concat-map/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/substack/node-concat-map.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-is-absolute@1.0.1",
+ "name": "path-is-absolute",
+ "version": "1.0.1",
+ "description": "Node.js 0.12 path.isAbsolute() ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-is-absolute@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-is-absolute#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-is-absolute/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-is-absolute.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/read-pkg-up@4.0.0",
+ "name": "read-pkg-up",
+ "version": "4.0.0",
+ "description": "Read the closest package.json file",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e9eb50487ee7246b0ad116c6ff64de0f36456bcb218d0d6e9be4b0410e5cc0acb476149774e9dc1216f508fa6f406e21ec5c8e57a101e98955d3226f65034090"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/read-pkg-up@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/read-pkg-up#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/read-pkg-up/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/read-pkg-up.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/read-pkg@3.0.0",
+ "name": "read-pkg",
+ "version": "3.0.0",
+ "description": "Read a package.json file",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9cbc686978fee65d16c00e2b19c237fcf6e38389"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/read-pkg@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/read-pkg#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/read-pkg/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/read-pkg.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/load-json-file@4.0.0",
+ "name": "load-json-file",
+ "version": "4.0.0",
+ "description": "Read and parse a JSON file",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2f5f45ab91e33216234fd53adab668eb4ec0993b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/load-json-file@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/load-json-file#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/load-json-file/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/load-json-file.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parse-json@4.0.0",
+ "name": "parse-json",
+ "version": "4.0.0",
+ "description": "Parse JSON with more helpful errors",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "be35f5425be1f7f6c747184f98a788cb99477ee0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parse-json@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/parse-json#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/parse-json/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/parse-json.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/error-ex@1.3.2",
+ "name": "error-ex",
+ "version": "1.3.2",
+ "description": "Easy error subclassing and stack customization",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "edd147366a9e15212dd9906c0ab8a8aca9e7dd9da98fe7ddf64988e90a16c38fff0cbfa270405f73453ba890a2b2aad3b0a4e3c387cd172da95bd3aa4ad0fce2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/error-ex@1.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/qix-/node-error-ex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/qix-/node-error-ex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/qix-/node-error-ex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-arrayish@0.2.1",
+ "name": "is-arrayish",
+ "version": "0.2.1",
+ "description": "Determines if an object can be used as an array",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "77c99840527aa8ecb1a8ba697b80645a7a926a9d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-arrayish@0.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/qix-/node-is-arrayish#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/qix-/node-is-arrayish/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/qix-/node-is-arrayish.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-parse-better-errors@1.0.2",
+ "name": "json-parse-better-errors",
+ "version": "1.0.2",
+ "description": "JSON.parse with context information on error",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9abab264a7d7e4484bee1bea715e961b5c988e78deb980f30e185c00052babc3e8f3934140124ff990d44fbe6a650f7c22452806a76413192e90e53b4ecdb0af"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json-parse-better-errors@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zkat/json-parse-better-errors#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zkat/json-parse-better-errors/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zkat/json-parse-better-errors.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-bom@3.0.0",
+ "name": "strip-bom",
+ "version": "3.0.0",
+ "description": "Strip UTF-8 byte order mark (BOM) from a string",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2334c18e9c759f7bdd56fdef7e9ae3d588e68ed3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-bom@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/strip-bom#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/strip-bom/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/strip-bom.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/normalize-package-data@2.5.0",
+ "name": "normalize-package-data",
+ "version": "2.5.0",
+ "description": "Normalizes data that can be found in package.json files.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ff908c3774f44785d38f80dc19a7b1a3eae8652752156ff400e39344eae3c73086d70ad65c4b066d129ebe39482fe643138b19949af9103e185b4caa9a42be78"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/normalize-package-data@2.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/normalize-package-data#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/normalize-package-data/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/npm/normalize-package-data.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/hosted-git-info@2.8.8",
+ "name": "hosted-git-info",
+ "version": "2.8.8",
+ "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7ffc330b641a581b3bb7d218a81e13dec475c6f8885625c94494d6065c7619fde0d178b9bc8ed8cb89285d0d5cf4e60318737db01cb50d0d8007c7ea6415a152"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/hosted-git-info@2.8.8",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/hosted-git-info"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/hosted-git-info/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/hosted-git-info.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/validate-npm-package-license@3.0.4",
+ "name": "validate-npm-package-license",
+ "version": "3.0.4",
+ "description": "Give me a string and I'll tell you if it's a valid npm package license string",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0e92a6d948bfc4deff1d0282b69671a11581859f59d24aadca01bc5c280d43c6650e7c6e4265a18f9eba8fc7cde02bb7fc999b86c0e8edf70026ae2cf61dbb13"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/validate-npm-package-license@3.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/spdx-correct@3.1.1",
+ "name": "spdx-correct",
+ "version": "3.1.1",
+ "description": "correct invalid SPDX expressions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "70e61c516c210ae1c25e2e3d4611510b22442b788f8f5662cfd0e9562577b5b64ec170f8f50cc837732938b24dc61daac2ada524965a28c570f6a362e234c2d3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/spdx-correct@3.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jslicense/spdx-correct.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jslicense/spdx-correct.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jslicense/spdx-correct.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/spdx-expression-parse@3.0.1",
+ "name": "spdx-expression-parse",
+ "version": "3.0.1",
+ "description": "parse SPDX license expressions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "71ba87ba7b105a724d13a2a155232c31e1f91ff2fd129ca66f3a93437b8bc0d08b675438f35a166a87ea1fb9cee95d3bc655f063a3e141d43621e756c7f64ae1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/spdx-expression-parse@3.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jslicense/spdx-expression-parse.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jslicense/spdx-expression-parse.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jslicense/spdx-expression-parse.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/spdx-exceptions@2.3.0",
+ "name": "spdx-exceptions",
+ "version": "2.3.0",
+ "description": "list of SPDX standard license exceptions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fed4eb60e0bb3cf2359d4020c77e21529a97bb2246f834c72539c850b1b8ac3ca08b8c6efed7e09aad5ed5c211c11cf0660a3834bc928beae270b919930e22e4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "CC-BY-3.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/spdx-exceptions@2.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kemitchell/spdx-exceptions.json#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kemitchell/spdx-exceptions.json/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/spdx-license-ids@3.0.5",
+ "name": "spdx-license-ids",
+ "version": "3.0.5",
+ "description": "A list of SPDX license identifiers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "27e156cd9a329c91171a9855212f97121de41528d95ffd62f6014169641c07efed9a97b6a94b12040069731ab19c0c45762505120017d5b8d8190bc8666a33f5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/spdx-license-ids@3.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/shinnn/spdx-license-ids#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/shinnn/spdx-license-ids/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/shinnn/spdx-license-ids.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-type@3.0.0",
+ "name": "path-type",
+ "version": "3.0.0",
+ "description": "Check if a path is a file, directory, or symlink",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4f6654b1d6451e0037bb87b93df3db8ddec70c3a713e741be633744ab0ec8cd4ae5571c9aadc139d6a86d01d6366b82627fee58f51265480725add60c46916be"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-type@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-type#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-type/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-type.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/require-main-filename@2.0.0",
+ "name": "require-main-filename",
+ "version": "2.0.0",
+ "description": "shim for require.main.filename() that works in as many environments as possible",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "34a37990c0f294aba577160b4947eb6e8e53bb387885dfb613c34f3d7d36999b67d55b911104e861efd9765272f89dee0a97da886174e5eec1f16d225db4079a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/require-main-filename@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/require-main-filename#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/require-main-filename/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/require-main-filename.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-haste-map@24.9.0",
+ "name": "jest-haste-map",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "91f5459acb96ba2d928f5469d402780fd1ea270138bb04e54bfbcef9e45468c99de78045a658b65e13109cf0b69387071556c1d90d82fa3b48d4018b8049c28d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-haste-map@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/anymatch@2.0.0",
+ "name": "anymatch",
+ "version": "2.0.0",
+ "description": "Matches strings against configurable strings, globs, regular expressions, and/or functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e6d78eb105800571c70453fdcb7b244b93f777f59f597a6fdc5529cbe2e8accacd61a4fda48e282cc417ee3cd0d8a9253691a9587cdd0974c34f66375c695907"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/anymatch@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/micromatch/anymatch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/micromatch/anymatch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/micromatch/anymatch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/normalize-path@2.1.1",
+ "name": "normalize-path",
+ "version": "2.1.1",
+ "description": "Normalize file path slashes to be unix-like forward slashes. Also condenses repeat slashes to a single slash and removes and trailing slashes unless disabled.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1ab28b556e198363a8c1a6f7e6fa20137fe6aed9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/normalize-path@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/normalize-path"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/normalize-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/normalize-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/remove-trailing-separator@1.1.0",
+ "name": "remove-trailing-separator",
+ "version": "1.1.0",
+ "description": "Removes separators from the end of the string.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c24bce2a283adad5bc3f58e0d48249b92379d8ef"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/remove-trailing-separator@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/darsain/remove-trailing-separator#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/darsain/remove-trailing-separator/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/darsain/remove-trailing-separator.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fb-watchman@2.0.1",
+ "name": "fb-watchman",
+ "version": "2.0.1",
+ "description": "Bindings for the Watchman file watching service",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0e43c9290798ea42b09ae32b7ad061afb1ba56876bedb1700d84d72247c6d608ef3696b1053415dcf6d783a6d1d5cd543f88cf397d231d46db1c034bf6f46356"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fb-watchman@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://facebook.github.io/watchman/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/watchman/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/facebook/watchman.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/bser@2.1.1",
+ "name": "bser",
+ "version": "2.1.1",
+ "description": "JavaScript implementation of the BSER Binary Serialization",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "810c53344fc601f208ae61cb504de8272a7914ee874417e18e7c38ff032603add91832675819a063f972401a670d490698085b49edfdb71d9dfe24ce01f825c1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/bser@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://facebook.github.io/watchman/docs/bser.html"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/watchman/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/watchman.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-int64@0.4.0",
+ "name": "node-int64",
+ "version": "0.4.0",
+ "description": "Support for representing 64-bit integers in JavaScript",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "87a9065cdb355d3182d8f94ce11188b825c68a3b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-int64@0.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/broofa/node-int64#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/broofa/node-int64/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/broofa/node-int64.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/invariant@2.2.4",
+ "name": "invariant",
+ "version": "2.2.4",
+ "description": "invariant",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a6125f41506e689339ada3a926349f9220fa0696c213836cfff2da5e5eb0198b54058f379d64ba45ff6d5e6d9ef1568aeb42448d895d6cf89ffc0d81d42da034"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/invariant@2.2.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zertosh/invariant#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zertosh/invariant/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zertosh/invariant.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/loose-envify@1.4.0",
+ "name": "loose-envify",
+ "version": "1.4.0",
+ "description": "Fast (and loose) selective `process.env` replacer using js-tokens instead of an AST",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "972bb13c6aff59f86b95e9b608bfd472751cd7372a280226043cee918ed8e45ff242235d928ebe7d12debe5c351e03324b0edfeb5d54218e34f04b71452a0add"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/loose-envify@1.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zertosh/loose-envify"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zertosh/loose-envify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/zertosh/loose-envify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-serializer@24.9.0",
+ "name": "jest-serializer",
+ "version": "24.9.0",
+ "description": "Module for serializing and deserializing object into memory and disk. By default, the `v8` implementations are used, but if not present, it defaults to `JSON` implementation. Both serializers have the advantage of being able to serialize `Map`, `Set`, `undefined`, `NaN`, etc, although the JSON one does it through a replacer/reviver.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0f1622a43afc3af7eb287dca7a5e8d7440f7397c63bf15d9d6e218d88f4e15b1a0faf524920ec01af8bae6a6e16d634fbc37245e6ccc3db2b7bb71da0cee3d6d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-serializer@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-util@24.9.0",
+ "name": "jest-util",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c7e71953c55198e2716c0d4ae680c177142676ad0e21d0036ab2f193432afb75d2e2382f846fe828659c2030ad3c6d07823c4e62f17e8a53c942c0325df6cd3a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-util@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-ci@2.0.0",
+ "name": "is-ci",
+ "version": "2.0.0",
+ "description": "Detect if the current environment is a CI server",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "61f253eeb929401d2ea5db1d1cb196aef84125f71fccd35ac180cd232417273d0856219fef93bc1013ca49dbf0dab17e2c60ac5f8159f2d72bddbd7d2dc66ae3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-ci@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/watson/is-ci"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/watson/is-ci/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/watson/is-ci.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ci-info@2.0.0",
+ "name": "ci-info",
+ "version": "2.0.0",
+ "description": "Get details about the current Continuous Integration environment",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e6d2bb12dad9d0df8e2c532d86da8e8f87c8d8979bf3c0b808064fbb6e4b0d55205c9d00dc9b383cc1aaae7d095355b4321d7f67cc19cd83f1a94ad77816e809"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ci-info@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/watson/ci-info"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/watson/ci-info/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/watson/ci-info.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mkdirp@0.5.5",
+ "name": "mkdirp",
+ "version": "0.5.5",
+ "description": "Recursively mkdir, like `mkdir -p`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "34a98094449fea3306ca6d7ef91d116bbc2f855fb0156eb715a48e14fc116a1bde6b480c51c19485578083fd010b4c22bfd8a1e4d60f0755a7d54108d7f2fec5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mkdirp@0.5.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/node-mkdirp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/node-mkdirp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/substack/node-mkdirp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-worker@24.9.0",
+ "name": "jest-worker",
+ "version": "24.9.0",
+ "description": "Module for executing heavy tasks under forked processes in parallel, by providing a `Promise` based interface, minimum overhead, and bound workers.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e753c4e2168c497707a219d231d338d9a9dbbd900d613a8caebe76b5528faaab0f24cce83fa15860356a6a15ff1eb0282842b3dee50fcd2bcab3d037a91e2257"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-worker@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/merge-stream@2.0.0",
+ "name": "merge-stream",
+ "version": "2.0.0",
+ "description": "Create a stream that emits events from multiple other streams",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "69bbffa8e72e3df9375113df0f39995352ca9aec3c913fb49c81ef2ab2a016bc227e897f76859c740e19aac590f0436b14a91debb31fa68fcba2f6c852c6eddf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/merge-stream@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/grncdr/merge-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/grncdr/merge-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/grncdr/merge-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/supports-color@6.1.0",
+ "name": "supports-color",
+ "version": "6.1.0",
+ "description": "Detect whether a terminal supports color",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a9ed637e6d4c83b36afcd4a1e97136e203d744e115b161f10b52c8c7ffd73650fd8b0ed86501a364d8d837bc466841ba88a740f04b4d156e91d208e7557a7ec1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/supports-color@6.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/supports-color#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/supports-color/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/supports-color.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sane@4.1.0",
+ "name": "sane",
+ "version": "4.1.0",
+ "description": "Sane aims to be fast, small, and reliable file system watcher.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8616f30204c85fc3bb4877e9d9cf3f91111f127e2a3bff6af02f5b7b263afadbd9f3b129a19de2d51204be9dbb601b309cd6d8f6659dea968a56629b0202df64"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sane@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/amasad/sane"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/amasad/sane/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/amasad/sane.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40cnakazawa/watch@1.0.4",
+ "group": "@cnakazawa",
+ "name": "watch",
+ "version": "1.0.4",
+ "description": "Utilities for watching file trees.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bfd90884ac237994e1896acb9a3d32d7b096a3275d0122e3f4edb2bdb6646efc3f377ad6398cbdce457aeaeaec02856bd26575e5b2fc834738419504e9c743a1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40cnakazawa/watch@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikeal/watch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikeal/watch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/mikeal/watch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/exec-sh@0.3.4",
+ "name": "exec-sh",
+ "version": "0.3.4",
+ "description": "Execute shell command forwarding all stdio.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b0414891ceb5bfbe6c59e39eef6ab2aea836420d0eb8b112ce250393f3bfcf6aa04b5e72da059516b23a7f6427feac3fd3f3427c212c98d038cce8e4c04653d4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/exec-sh@0.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tsertkov/exec-sh#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tsertkov/exec-sh/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/tsertkov/exec-sh.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/capture-exit@2.0.0",
+ "name": "capture-exit",
+ "version": "2.0.0",
+ "description": "safely cleanup in signal handlers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3e24ff850993a271e197f1c518df8bc772495339eb558277f8042c9ed8677996ef5bbc7e7f4f1393bc8b2532c4394bc14db76e2de78193111a61750e52b46aea"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/capture-exit@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stefanpenner/capture-exit#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stefanpenner/capture-exit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stefanpenner/capture-exit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/rsvp@4.8.5",
+ "name": "rsvp",
+ "version": "4.8.5",
+ "description": "A lightweight library that provides tools for organizing asynchronous code",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9df30e9404aef4e9d1268d666c4936733d03e7a6b530136b27ba2b8d16501b5d170f2bafc24b0a6ee5cda7aa9afa46e7f37f47c23c2107384599db1a1007dab8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/rsvp@4.8.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tildeio/rsvp.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tildeio/rsvp.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tildeio/rsvp.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/execa@1.0.0",
+ "name": "execa",
+ "version": "1.0.0",
+ "description": "A better `child_process`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "69d6f1732595e3aaa21f2bd2a79d132add39b41e2d2b71dc985eff9f17c07619e8c7cdec7930dbc276aa28ee2c5d1cbbae81c0205a893ff470fc0b846d7eb52c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/execa@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/execa#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/execa/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/execa.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-stream@4.1.0",
+ "name": "get-stream",
+ "version": "4.1.0",
+ "description": "Get a stream as a string, buffer, or array",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "18c6ade04279d7ad64232d877af2e5af896e363060be68f8d7729a400ee3b7857c078443b1fa4793b590f4656a7d8cb2c7c392fcbeba2a8c7eac944d9252caef"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-stream@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/get-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/get-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/get-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pump@3.0.0",
+ "name": "pump",
+ "version": "3.0.0",
+ "description": "pipe streams together and close all of them if one of them closes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f0672fa9dd216cd4fcad77f8d872de30a6fe3d1e2602a9df5195ce5955d93457ef18cefea34790659374d198f2f57edebd4f13f420c64627e58f154d81161c3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pump@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mafintosh/pump#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mafintosh/pump/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/mafintosh/pump.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/end-of-stream@1.4.4",
+ "name": "end-of-stream",
+ "version": "1.4.4",
+ "description": "Call a callback when a readable/writable/duplex stream has completed or failed.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "faec358a720754f428695b87cd1c97776d6270cf9c9ede02cc3e6b5be342d708ce5124ceb3e4deec53afec084deef4bdc7fa08ca12cfe4f4751fea614001eee5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/end-of-stream@1.4.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mafintosh/end-of-stream"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mafintosh/end-of-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/mafintosh/end-of-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-stream@1.1.0",
+ "name": "is-stream",
+ "version": "1.1.0",
+ "description": "Check if something is a Node.js stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "12d4a3dd4e68e0b79ceb8dbc84173ae80d91ca44"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-stream@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/npm-run-path@2.0.2",
+ "name": "npm-run-path",
+ "version": "2.0.2",
+ "description": "Get your PATH prepended with locally installed binaries",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "35a9232dfa35d7067b4cb2ddf2357b1871536c5f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/npm-run-path@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/npm-run-path#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/npm-run-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/npm-run-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/signal-exit@3.0.3",
+ "name": "signal-exit",
+ "version": "3.0.3",
+ "description": "when you want to fire an event no matter how a process exits.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "554278f450bc5353b1c192f121b4d3ac3bcb9dfffa4c383165c2bcc3147ccecd77c69c7bc5b1bad2774196136b162d8432e151a1e0e824eef0b6148bab8d848c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/signal-exit@3.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tapjs/signal-exit"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tapjs/signal-exit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tapjs/signal-exit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-eof@1.0.0",
+ "name": "strip-eof",
+ "version": "1.0.0",
+ "description": "Strip the End-Of-File (EOF) character from a string/buffer",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bb43ff5598a6eb05d89b59fcd129c983313606bf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-eof@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/strip-eof#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/strip-eof/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/strip-eof.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/walker@1.0.7",
+ "name": "walker",
+ "version": "1.0.7",
+ "description": "A simple directory tree walker.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2f7f9b8fd10d677262b18a884e28d19618e028fb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/walker@1.0.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/daaku/nodejs-walker"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/daaku/nodejs-walker/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/daaku/nodejs-walker.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/makeerror@1.0.11",
+ "name": "makeerror",
+ "version": "1.0.11",
+ "description": "A library to make errors.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e01a5c9109f2af79660e4e8b9587790184f5a96c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/makeerror@1.0.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/daaku/nodejs-makeerror#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/daaku/nodejs-makeerror/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/daaku/nodejs-makeerror.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tmpl@1.0.4",
+ "name": "tmpl",
+ "version": "1.0.4",
+ "description": "JavaScript micro templates.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "23640dd7b42d00433911140820e5cf440e521dd1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tmpl@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nshah/nodejs-tmpl"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/daaku/nodejs-tmpl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/daaku/nodejs-tmpl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-regex-util@24.9.0",
+ "name": "jest-regex-util",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d390a66fa0aec5a03e62ce9f8ebdcf86f5776c64263beda9d8b6b88456d4f96e6e39ce3bf5fec574b5d4597c38a5830086149922e287c125d2bba0ac48101740"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-regex-util@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pirates@4.0.1",
+ "name": "pirates",
+ "version": "4.0.1",
+ "description": "Properly hijack require",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5ae36a2d36cc237b667de7f64cac654260222c72ad16196c0999cf229bafd8ec3444354ef257f2d4ea5fe0d53394c5cb8cf97e31e9fb02e55d5fa4c0facfae18"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pirates@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ariporad/pirates#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ariporad/pirates/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ariporad/pirates.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-modules-regexp@1.0.0",
+ "name": "node-modules-regexp",
+ "version": "1.0.0",
+ "description": "A regular expression for file paths that contain a `node_modules` folder.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8d9dbe28964a4ac5712e9131642107c71e90ec40"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-modules-regexp@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jamestalmage/node-modules-regexp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jamestalmage/node-modules-regexp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jamestalmage/node-modules-regexp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/realpath-native@1.1.0",
+ "name": "realpath-native",
+ "version": "1.1.0",
+ "description": "Use the system's native `realpath`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c2580f03a70220883d80acf47e000f8e7ce1e3247f2e75e8bf0ba8f61bf21afc7787c9d7e3efe22d9a657d459ab17a6a0fc05d9c69cfe678ce163914c0fcef8c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/realpath-native@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/SimenB/realpath-native#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/SimenB/realpath-native/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/SimenB/realpath-native.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/util.promisify@1.0.1",
+ "name": "util.promisify",
+ "version": "1.0.1",
+ "description": "Polyfill/shim for util.promisify in node versions < v8",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "83d2690bfdc77b76e6dfccec2eea56af25c7a04712db6607b61b8f41225d332e8a36bcc84735aa72c1f30ff5949ea7b8e70855a2ee1522c3dec37ec3a1758dac"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/util.promisify@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/util.promisify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/util.promisify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ljharb/util.promisify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/define-properties@1.1.3",
+ "name": "define-properties",
+ "version": "1.1.3",
+ "description": "Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dcca9f60a8f694bcdd3127fc648644fd5f99bb2f81803e9fd7ae1ef0adb0edd827a4a02b0437ab198a4ce3a21861c8e791d3cd3233e4f40e95141f3edd22a55d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/define-properties@1.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/define-properties#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/define-properties/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/define-properties.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object-keys@1.1.1",
+ "name": "object-keys",
+ "version": "1.1.1",
+ "description": "An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "36e00449439432b9485ce7c72b30fa6e93eeded62ddf1be335d44843e15e4f494d6f82bc591ef409a0f186e360b92d971be1a39323303b3b0de5992d2267e12c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object-keys@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/object-keys#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/object-keys/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/object-keys.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/es-abstract@1.17.6",
+ "name": "es-abstract",
+ "version": "1.17.6",
+ "description": "ECMAScript spec abstract operations.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "16bf3d6ce377585c948b912f01e238f104d65f40327a41a02c0f07f9cfbb7db7c2909c1159130b77c09079d344c89ba8618866b44a98f76a60b5ed4502106587"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/es-abstract@1.17.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/es-abstract#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/es-abstract/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/es-abstract.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/es-to-primitive@1.2.1",
+ "name": "es-to-primitive",
+ "version": "1.2.1",
+ "description": "ECMAScript “ToPrimitive” algorithm. Provides ES5 and ES2015 versions.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4023a5960649b5a528f6689805c2c285351a1cd8c91773d8b35562743ec0c22123d6463129e41372d2c07b300e1f964a447d20d8880f9fa2b0078213f22469bc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/es-to-primitive@1.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/es-to-primitive#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/es-to-primitive/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/es-to-primitive.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-callable@1.2.0",
+ "name": "is-callable",
+ "version": "1.2.0",
+ "description": "Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a72543f406862f1b60eacadbd8d83aca7589aa41d4f5b10cd3cec029c934c3c4300daad37cd729218a14f31f07bf621c9bcbba90524cd7c0da83c972a8692f8b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-callable@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/is-callable#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/is-callable/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/is-callable.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-date-object@1.0.2",
+ "name": "is-date-object",
+ "version": "1.0.2",
+ "description": "Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5129434f9db8c28434f1aa19173877fd9e9c87d63f1165c41d0fc06913744a42aae2dd89c36476df7f6d4979b0b95a18ecb2e50426ce225c769b23ff2f9ce4d2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-date-object@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/is-date-object#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/is-date-object/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/is-date-object.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-symbol@1.0.3",
+ "name": "is-symbol",
+ "version": "1.0.3",
+ "description": "Determine if a value is an ES6 Symbol or not.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3b08a385a45282abe19bfd19740717359b7d95874a1697110d3e542d4b985cfa13efde1434e754fa0a53e91ce8edbe15d87525fe8a7a1aa63cf78019c2ff5f69"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-symbol@1.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/inspect-js/is-symbol#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/inspect-js/is-symbol/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/inspect-js/is-symbol.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-symbols@1.0.1",
+ "name": "has-symbols",
+ "version": "1.0.1",
+ "description": "Determine if the JS environment has Symbol support. Supports spec, or shams.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3cb72ca2abbef9d98421907eeada2d3452aaffb0e8f99d2ee284f4cca389365de560aeaf1b0c2eda18c7b3eebc38465b4e389413d6e03800576cffc6beb4b42a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-symbols@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/has-symbols#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/has-symbols/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/has-symbols.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/function-bind@1.1.1",
+ "name": "function-bind",
+ "version": "1.1.1",
+ "description": "Implementation of Function.prototype.bind",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c88a2f033317e3db05f18979f1f482589e6cbd22ee6a26cfc5740914b98139b4ee0abd0c7f52a23e8a4633d3621638980426df69ad8587a6eb790e803554c8d0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/function-bind@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Raynos/function-bind"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Raynos/function-bind/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/Raynos/function-bind.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has@1.0.3",
+ "name": "has",
+ "version": "1.0.3",
+ "description": "Object.prototype.hasOwnProperty.call shortcut",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7f676f3b4554e8e7a3ed1916246ade8636f33008c5a79fd528fa79b53a56215e091c764ad7f0716c546d7ffb220364964ded3d71a0e656d618cd61086c14b8cf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has@1.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tarruda/has"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tarruda/has/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/tarruda/has.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-regex@1.1.0",
+ "name": "is-regex",
+ "version": "1.1.0",
+ "description": "Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "888f7b33c2935880f695ae6e6179646d20d0220e05ea8d6c61ba1928a4c3a670d030bb542fceb3c618037addd0d92ae2698b321aa67a327d928db44a78b1ddab"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-regex@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/is-regex"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/is-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/is-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object-inspect@1.8.0",
+ "name": "object-inspect",
+ "version": "1.8.0",
+ "description": "string representations of objects in node and the browser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8cb76d10e075d767ce46eca903297fe7455154804875540e494506407cc9e310526e2b7cd7345aaf3ec64e1904159cb545c798ad661c3dc0453d0c07c8073580"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object-inspect@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/inspect-js/object-inspect"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/inspect-js/object-inspect/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/inspect-js/object-inspect.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object.assign@4.1.0",
+ "name": "object.assign",
+ "version": "4.1.0",
+ "description": "ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7b11c97aaea404a8f9f26a86c9343d0c5beb642fde47a3b0c73a0cf58468181aab5d8a27685c8688532e73d559ad77fb0daaeb784c0ca6eac6ddd77e08dc96e7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object.assign@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/object.assign#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/object.assign/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/object.assign.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string.prototype.trimend@1.0.1",
+ "name": "string.prototype.trimend",
+ "version": "1.0.1",
+ "description": "ES2019 spec-compliant String.prototype.trimEnd shim.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2d13f1154693b69a98b1378d29a14ec374786f123358e9db43cdfb41f072968f23231b5c6cafc0fec315ed0f8e015fef5a8fbbb36e69384d742984a36923b4ea"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string.prototype.trimend@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/es-shims/String.prototype.trimEnd#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/es-shims/String.prototype.trimEnd/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/es-shims/String.prototype.trimEnd.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string.prototype.trimstart@1.0.1",
+ "name": "string.prototype.trimstart",
+ "version": "1.0.1",
+ "description": "ES2019 spec-compliant String.prototype.trimStart shim.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5f1667f90a6fac123514e720e9d229c543e05823ee357bcc0fbd9a69169442fd5e0f87bf432f22fe11537b4054983eb4a7f400e9b8756af9ae3d37cd8ea55647"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string.prototype.trimstart@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/es-shims/String.prototype.trimStart#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/es-shims/String.prototype.trimStart/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/es-shims/String.prototype.trimStart.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/object.getownpropertydescriptors@2.1.0",
+ "name": "object.getownpropertydescriptors",
+ "version": "2.1.0",
+ "description": "ES2017 spec-compliant shim for `Object.getOwnPropertyDescriptors` that works in ES5.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "679dce6a1f40dd374ba1b953ed52896930dd5dd4fe9503be70da4a567c9ae490def6e2efceed58c98d7214316b731ae54605ab1051f48c9b43fc86eec2370456"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/object.getownpropertydescriptors@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/es-shims/object.getownpropertydescriptors#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/es-shims/object.getownpropertydescriptors/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/es-shims/object.getownpropertydescriptors.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/write-file-atomic@2.4.1",
+ "name": "write-file-atomic",
+ "version": "2.4.1",
+ "description": "Write files in an atomic fashion w/configurable ownership",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4c61c5799119327bfe8011517e301cc4be5b3c7aec18ab676f8aac140c2ceffbe587e41fc006b2488c380173fd66c9134e1e465aedc52ee261b1655d8893c6be"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/write-file-atomic@2.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/iarna/write-file-atomic"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/iarna/write-file-atomic/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/iarna/write-file-atomic.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/imurmurhash@0.1.4",
+ "name": "imurmurhash",
+ "version": "0.1.4",
+ "description": "An incremental implementation of MurmurHash3",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9218b9b2b928a238b13dc4fb6b6d576f231453ea"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/imurmurhash@0.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jensyt/imurmurhash-js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jensyt/imurmurhash-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jensyt/imurmurhash-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/exit@0.1.2",
+ "name": "exit",
+ "version": "0.1.2",
+ "description": "A replacement for process.exit that ensures stdio are fully drained before exiting.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0632638f8d877cc82107d30a0fff1a17cba1cd0c"
+ }
+ ],
+ "purl": "pkg:npm/exit@0.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cowboy/node-exit"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cowboy/node-exit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cowboy/node-exit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/istanbul-lib-report@2.0.8",
+ "name": "istanbul-lib-report",
+ "version": "2.0.8",
+ "description": "Base reporting library for istanbul",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7c705e1b9ef71088a18406e5c20c6b49e9e9d036f2ead24c151fc7be57ab06cac24c3e5b914ba836d9f7815876f59092f36e1c18604f9fb4a0edc364fb6c54b1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/istanbul-lib-report@2.0.8",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/make-dir@2.1.0",
+ "name": "make-dir",
+ "version": "2.1.0",
+ "description": "Make a directory and its parents if needed - Think `mkdir -p`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2d2f57f9d73c28bc5709bf1d9e2efd7cb208500e55c99a328d2302c1396e697034a36edc08ad1b857929830fac4d75693f2fe548ee7b8a5462c6a934bc39ad44"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/make-dir@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/make-dir#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/make-dir/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/make-dir.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pify@4.0.1",
+ "name": "pify",
+ "version": "4.0.1",
+ "description": "Promisify a callback-style function",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b81f3490115bfed7ddebc6d595e1bd4f9186b063e326b2c05294793d922b8419c86914d0463a9d252b082a438fe8e00815b8fb18eadcb9d739a4d8d9fa0795da"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pify@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/pify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/pify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/pify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/istanbul-lib-source-maps@3.0.6",
+ "name": "istanbul-lib-source-maps",
+ "version": "3.0.6",
+ "description": "Source maps support for istanbul",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "478ecacccb43247e97e3f616f574f1fa3acb9d99ec716e15a4d37ed4f5624984de8cb54f5afee8a2ff83b9ff184123f255152fb9e42acf54dcb02ea6a286535f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/istanbul-lib-source-maps@3.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/rimraf@2.7.1",
+ "name": "rimraf",
+ "version": "2.7.1",
+ "description": "A deep deletion module for node (like `rm -rf`)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b968db68a20add3d4e495a6dcd7ecd97a3ef437a801ad284b5546346e6b38df2f7071e5e238d3d5594aa80d0fee143679b32d574f8fd16a14934fa81645bdee3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/rimraf@2.7.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/rimraf#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/rimraf/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/rimraf.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/istanbul-reports@2.2.7",
+ "name": "istanbul-reports",
+ "version": "2.2.7",
+ "description": "istanbul reports",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "baed45fcbd68e58e8bccf5525595cd3a80ff297a49b9ef5a78b45dd2c33db8c5df66fce8981d16c556a659be6e7bc900daf5561265bb106f80e67ddfd64a872a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/istanbul-reports@2.2.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://istanbul.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/istanbuljs/istanbuljs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/istanbuljs/istanbuljs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/html-escaper@2.0.2",
+ "name": "html-escaper",
+ "version": "2.0.2",
+ "description": "fast and safe way to escape and unescape &<>'\" chars",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1f688cb5dd08e0cb7979889aa517480e3a7e5f37a55d0d2d144e094bb605c057af5d73263a9f66c8dad4bc28340fac2cf22aa444f05f28781bc228354a694b7e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/html-escaper@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/WebReflection/html-escaper"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/WebReflection/html-escaper/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/WebReflection/html-escaper.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-resolve@24.9.0",
+ "name": "jest-resolve",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4da2de2d52f5974f1815902ddf368fb63895bf2cb8a1203a0917bed0014f3d55f743f548d20888596a00be84b92fdeaf8fd0eac63e1f079a76aab1c299353f31"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-resolve@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/browser-resolve@1.11.3",
+ "name": "browser-resolve",
+ "version": "1.11.3",
+ "description": "resolve which handles browser field support in package.json",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7b10e2d4161607feab68a1e60d30a27107d392ac0de5f8a83055788fc06c7cc5384760cafd07d97caee439592658234035fd2c9e4073a86a802416a8f6064c75"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/browser-resolve@1.11.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/shtylman/node-browser-resolve#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/shtylman/node-browser-resolve/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/shtylman/node-browser-resolve.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve@1.1.7",
+ "name": "resolve",
+ "version": "1.1.7",
+ "description": "resolve like require.resolve() on behalf of files asynchronously and synchronously",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "203114d82ad2c5ed9e8e0411b3932875e889e97b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve@1.1.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/node-resolve#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/node-resolve/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/substack/node-resolve.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-pnp-resolver@1.2.2",
+ "name": "jest-pnp-resolver",
+ "version": "1.2.2",
+ "description": "plug'n'play resolver for Webpack",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a25578d5b292326f01767b8cb1ec13e23aa567cfb74c20110178d9193f637284a7adf527442aa732817d5c47a85a36f339ba6a17d751847423d176fd41d17aff"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-pnp-resolver@1.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/arcanis/jest-pnp-resolver"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/arcanis/jest-pnp-resolver/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/arcanis/jest-pnp-resolver.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-runtime@24.9.0",
+ "name": "jest-runtime",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f2836a827985defd89e8f55133625fba3f285f7b322a66b29e50cc30a4388b2cdb433206ead879b9bfe53366c23139a84ca337ca4714608d8fc3dc7036d8cc9f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-runtime@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-config@24.9.0",
+ "name": "jest-config",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4404ed409b55610ae9edfbd683a7f9cb7a44163f48f87f2c5b0e1a2b19c367dea6a1be62e520fa64419680c2d74382c4f14babae36dd94b59d51ea3edbc4297d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-config@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40jest/test-sequencer@24.9.0",
+ "group": "@jest",
+ "name": "test-sequencer",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "eaaaac538a34916d5dbc0f79a9f36883cbfc82444df6987a2f3eebf7a22f6691dd362a4fd9c05c6f4ec9d59e399b3fd5212d35387277a58f13e5f518dfcb60e0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40jest/test-sequencer@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-runner@24.9.0",
+ "name": "jest-runner",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2a4b09432237ff49a171fb299f1c44381b9e1ab779138bd5ec00d02d3f4449a0b3cf4d969db75b29621fe4c91ab9ca1a8fba1b41c9183d55fa24986051ca165a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-runner@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-docblock@24.9.0",
+ "name": "jest-docblock",
+ "version": "24.9.0",
+ "description": "`jest-docblock` is a package that can extract and parse a specially-formatted comment called a \"docblock\" at the top of a file.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1750e37690cc24c03570de877b414d60d665a37c9898eb5152792dad3f50dfb9e36330b95846837666f29c8832d0bfc8bd7bef82c1bc3acaa12cf5d3a5f99900"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-docblock@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/detect-newline@2.1.0",
+ "name": "detect-newline",
+ "version": "2.1.0",
+ "description": "Detect the dominant newline character of a string",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f41f1c10be4b00e87b5f13da680759f2c5bfd3e2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/detect-newline@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/detect-newline#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/detect-newline/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/detect-newline.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-jasmine2@24.9.0",
+ "name": "jest-jasmine2",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0aaeef90081a60aa7e3ec5fedbf25b4daaeb9340e6361b04b6a05737050791d95bad304bb4c2483400dfda67f9164a3036cabc7af6cf734effa853b401d293cf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-jasmine2@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/co@4.6.0",
+ "name": "co",
+ "version": "4.6.0",
+ "description": "generator async control flow goodness",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6ea6bdf3d853ae54ccb8e47bfa0bf3f9031fb184"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/co@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tj/co#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tj/co/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tj/co.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/expect@24.9.0",
+ "name": "expect",
+ "version": "24.9.0",
+ "description": "This package exports the `expect` function used in [Jest](https://jestjs.io/). You can find its documentation [on Jest's website](https://jestjs.io/docs/en/expect.html).",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c2f540c7c5c8a25dd9e66f73bd95e2c99390fac449a8d4c89bab068dd5a569921eba94063b759b608fb5e43fc0984c19cb02fac2d2646c06c9b7390e7c1b91d1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/expect@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-get-type@24.9.0",
+ "name": "jest-get-type",
+ "version": "24.9.0",
+ "description": "A utility function to get the type of a value",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "954b1e3330257b2e0b84872948ff497fe7d3ad0e1ad721d0c0b35e7956b670499b0867a8640b583ce22ff096b12c3fec5292b17ad2863fe82c1e5f1ff134a3f1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-get-type@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-matcher-utils@24.9.0",
+ "name": "jest-matcher-utils",
+ "version": "24.9.0",
+ "description": "A set of utility functions for expect and related packages",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "399cf6217b2ee9e6a2300c1eebb7354fee6d500b50c90c76eff10c1246c50068b0e76b41f5e9beb866f3a5c81856903cc25d2197128f671ae5cb809753f1a31c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-matcher-utils@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-diff@24.9.0",
+ "name": "jest-diff",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a8c7eb4ecf007491368aaad3a7487387b9137763d05abb05ca3f6d391a0a9aedf6c633e3784e0dca35510f3f326d8c2a4b68a4f0de21b08a62553c857a8da505"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-diff@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/diff-sequences@24.9.0",
+ "name": "diff-sequences",
+ "version": "24.9.0",
+ "description": "Compare items in two sequences to find a longest common subsequence",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0e3e96937b56c9313e168d6b5bcbf45e1c24f34ba6eb215829bb80c5cf5cdc46712071436306e2df8524e36bb509d9c8895a2bbede119a54838c83f2cc60b67b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/diff-sequences@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pretty-format@24.9.0",
+ "name": "pretty-format",
+ "version": "24.9.0",
+ "description": "Stringify any JavaScript value.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d3464c654887689acd7e4df782e6afaa0bdf252df4b0b61fd1ff3e4ab925bf400c3e87461877281e092c6773938589c8bce77ef323029f462210ea208e582c9c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pretty-format@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-regex@4.1.0",
+ "name": "ansi-regex",
+ "version": "4.1.0",
+ "description": "Regular expression for matching ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d5aa5e3df5ccd54392ab0d28f48885028bd5cfd3394b50e0fb84eb0f07cc7b043aa7fae632e79beed5998d0d6bc782e8cb502b060828a86a5faaa748e2ba2776"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-regex@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/react-is@16.13.1",
+ "name": "react-is",
+ "version": "16.13.1",
+ "description": "Brand checking of React Elements.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "db87baca71361fe38ab7892ab0ebcd77c901a55eb9ce8c5b038055b04381dc0455590922fc31f3694a02e4ab8e37f06271c0da0824d906e39c7d9b3bd2447c6d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/react-is@16.13.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://reactjs.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/react/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/react.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-generator-fn@2.1.0",
+ "name": "is-generator-fn",
+ "version": "2.1.0",
+ "description": "Check if something is a generator function",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "713201e323d82ff1abc3411a4b3012ce0e9b072f60a82a1fbd637ca244e1018231289642fae7654409866ccd172de9e21094acf2e1201cf1ae1d27b55ec38b49"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-generator-fn@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-generator-fn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-generator-fn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-generator-fn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-each@24.9.0",
+ "name": "jest-each",
+ "version": "24.9.0",
+ "description": "Parameterised tests for Jest",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "38d8b447806f5b8e5cc3cb362ebc7c6206de5cbd68090ff0203c26b0cdc2a8cfe795b94d08f9a70b720f42531b44566edf029d43653c06a33a961dcb27906ca2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-each@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-snapshot@24.9.0",
+ "name": "jest-snapshot",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b88febb33192b3bdf108cd25faea7b3bb6b8d28f74727ae4e36f4b3a22b769e4ef7c2d071e695d6ddf35fc1ec8c7cd4a4857b597091b97b1a70461b851fb837b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-snapshot@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/natural-compare@1.4.0",
+ "name": "natural-compare",
+ "version": "1.4.0",
+ "description": "Compare strings containing a mix of letters and numbers in the way a human being would in sort order.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/natural-compare@1.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/litejs/natural-compare-lite#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/litejs/natural-compare-lite/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/litejs/natural-compare-lite.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/throat@4.1.0",
+ "name": "throat",
+ "version": "4.1.0",
+ "description": "Throttle the parallelism of an asynchronous (promise returning) function / functions",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "89037cbc92c56ab18926e6ba4cbb200e15672a6a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/throat@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ForbesLindesay/throat#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ForbesLindesay/throat/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ForbesLindesay/throat.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-leak-detector@24.9.0",
+ "name": "jest-leak-detector",
+ "version": "24.9.0",
+ "description": "Module for verifying whether an object has been garbage collected or not.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b58905203b222931b06f6146d70f215fd5746946f6a2df3363fda7160d3cedd51a81ea27c35ceb2cc3f85bacec44ee7d74f91348a89ef83e2b84cb8ff67466ac"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-leak-detector@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/source-map-support@0.5.19",
+ "name": "source-map-support",
+ "version": "0.5.19",
+ "description": "Fixes stack traces for files with source maps",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5a89e6ef3382209cc1190741fad86c3daaf4918b8223362fc59c2505af3bca2fcc763bfb4e2a7673255b2e3e68d1c14f37811592e4f06f71830f2531d831a71b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/source-map-support@0.5.19",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/evanw/node-source-map-support#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/evanw/node-source-map-support/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/evanw/node-source-map-support.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/buffer-from@1.1.1",
+ "name": "buffer-from",
+ "version": "1.1.1",
+ "description": "A [ponyfill](https://ponyfill.com) for `Buffer.from`, uses native implementation if available.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3107171146c22ad128edb86a12ceb9eb41f27785daa2f6653bf93d57786355417fcf05bb28155d48ae2022dfdbcf04bd31b479aa86fe1798eeb19b1bd1840ad8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/buffer-from@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/LinusU/buffer-from#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/LinusU/buffer-from/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/LinusU/buffer-from.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-jest@24.9.0",
+ "name": "babel-jest",
+ "version": "24.9.0",
+ "description": "Jest plugin to use babel for transformation.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9edb9d75fca237e121330e7c3d334bd698780bdac40a24178c8e2730c04a05a3635efa8b7645e93d170c4abe22c81ac983ffb0cfd6eb1540fa4613804faaf823"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-jest@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/babel__core@7.1.9",
+ "group": "@types",
+ "name": "babel__core",
+ "version": "7.1.9",
+ "description": "TypeScript definitions for @babel/core",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b18d91b08279ae9111d6edff690f0e15223ba86232f28d4d1046e06f651a25cbceb5738ca5ddfd928ef6dcd0698d0160f52217ed35ed8de8d954678830b8683b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/babel__core@7.1.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/babel__generator@7.6.1",
+ "group": "@types",
+ "name": "babel__generator",
+ "version": "7.6.1",
+ "description": "TypeScript definitions for @babel/generator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6c12a6fb654f25c311570361c4abbc5bee7fcd3ee9c0d12a7a89053a66ef552a86cc59de37161c101ae8f4073bfcdf6d96c68f62764b2bc2752d62a432c2c07b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/babel__generator@7.6.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/babel__template@7.0.2",
+ "group": "@types",
+ "name": "babel__template",
+ "version": "7.0.2",
+ "description": "TypeScript definitions for @babel/template",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fcaeb30a9796ec89b381a6f66cb90b11bcf4fb5265152ad431dc3b2a8208bbe21476ee75196681669777cb55571955f3ca7bc66b80da21ac4d64788e37719752"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/babel__template@7.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/babel__traverse@7.0.13",
+ "group": "@types",
+ "name": "babel__traverse",
+ "version": "7.0.13",
+ "description": "TypeScript definitions for @babel/traverse",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8becd2eedebfb3d71d42f6ea283011adc6eb3efb491a56d8b0c91ace8d379d300add15fd14dacb9655f2b36dae8931896a93ce4d94d0df99c7878212a61e122d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/babel__traverse@7.0.13",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-preset-jest@24.9.0",
+ "name": "babel-preset-jest",
+ "version": "24.9.0",
+ "description": "> Babel preset for all Jest plugins. This preset is automatically included when using [babel-jest](https://github.com/facebook/jest/tree/master/packages/babel-jest).",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8b34d4ba11384cc7d344f17dd9f1700f641f7576995b4f2abd64c5088e7557cad6e71d3452e3e07376a34685a87d73aec637dc38ce73cd262c412dc7f0a18202"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-preset-jest@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-object-rest-spread",
+ "version": "7.8.3",
+ "description": "Allow parsing of object rest/spread",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5e8a8c8a31996fdcb7cb65ec90df8fd70506895c16679266a03470c79fb71a612994dc95336b360e0f082c5426f2b58ce3ca2b1b2e58a48e4197c535cbbc9d94"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-object-rest-spread@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-object-rest-spread"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-plugin-jest-hoist@24.9.0",
+ "name": "babel-plugin-jest-hoist",
+ "version": "24.9.0",
+ "description": "Babel plugin to hoist `jest.disableAutomock`, `jest.enableAutomock`, `jest.unmock`, `jest.mock`, calls above `import` statements. This plugin is automatically included when using [babel-jest](https://github.com/facebook/jest/tree/master/packages/babel-jest).",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d84300d8ff15a7b946d11033af81d7aad63069c7cc12b3aebf5537c2bbf11d7eab0f5b15eb14b75971b7afc4d1436afac3c3a1bd2756b7ecf8d6140dc0d9b75f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-plugin-jest-hoist@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-environment-jsdom@24.9.0",
+ "name": "jest-environment-jsdom",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "66ff4557d3414732ee00b5e3bd18a33b6df9d4345078b617b690f8c4dbdfa15170db520e28d85900450a71b884b634e49b61ac2776e8315824691eeb37ca9eb4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-environment-jsdom@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsdom@11.12.0",
+ "name": "jsdom",
+ "version": "11.12.0",
+ "description": "A JavaScript implementation of many web standards",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cbc3f1e37a32881335dd9735cfbf3416b7cd2c90974cbe3411696dcbf2d752d723ca44413602e50a3597a5f48f065da2bfe37b92840df9dbeab331d9813fc58f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jsdom@11.12.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/jsdom#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/jsdom/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/jsdom.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/abab@2.0.3",
+ "name": "abab",
+ "version": "2.0.3",
+ "description": "WHATWG spec-compliant implementations of window.atob and window.btoa.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b6c1733e972db5a94d8c504214caac29841c5b1c5e9f5a60251e7a6f2fff430bc9738fce512de43ce3adb71dad4887e3b32941d2962eedfe43dcad510b152752"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/abab@2.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/abab#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/abab/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/abab.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/acorn@5.7.4",
+ "name": "acorn",
+ "version": "5.7.4",
+ "description": "ECMAScript parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d43fbe546ec186bb6f42935b073a2f28d73514b186104fe819eedbf71266fd11473017946941a996e57d44b8d96b8ed815d3dc0c07a7118baaf6940f70c74b26"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/acorn@5.7.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/acornjs/acorn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/acornjs/acorn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/acornjs/acorn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/acorn-globals@4.3.4",
+ "name": "acorn-globals",
+ "version": "4.3.4",
+ "description": "Detect global variables in JavaScript using acorn",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7257d0121db547e0f495e49b51d59fdce71fab268248043c472ab4d1ba1f49e91fafd5bcbb58f2619a3a8abd31bbd1ad71fec18dc1c9a676d91fb24e0a93fad0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/acorn-globals@4.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ForbesLindesay/acorn-globals#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ForbesLindesay/acorn-globals/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ForbesLindesay/acorn-globals.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/acorn@6.4.1",
+ "name": "acorn",
+ "version": "6.4.1",
+ "description": "ECMAScript parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "65503d937dba370ae3dc28fd8e5877c0616eb42d99a2b9cf340459c2c358a9062037412c576779df0e5137f728eb93a19f8b14014b5bd6b49400e0fa5cdf6274"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/acorn@6.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/acornjs/acorn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/acornjs/acorn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/acornjs/acorn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/acorn-walk@6.2.0",
+ "name": "acorn-walk",
+ "version": "6.2.0",
+ "description": "ECMAScript (ESTree) AST walker",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "edebecc9f1f570b382740cd901de370a2734e322b274dc74705fbbb62035f69d579cb2cf5387690903aaa63ab0a2415efffbd2d10a9faaa8c24b6264888b3470"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/acorn-walk@6.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/acornjs/acorn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/acornjs/acorn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/acornjs/acorn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/array-equal@1.0.0",
+ "name": "array-equal",
+ "version": "1.0.0",
+ "description": "check if two arrays are equal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8c2a5ef2472fd9ea742b04c77a75093ba2757c93"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/array-equal@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/component/array-equal#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/component/array-equal/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/component/array-equal.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cssstyle@1.4.0",
+ "name": "cssstyle",
+ "version": "1.4.0",
+ "description": "CSSStyleDeclaration Object Model implementation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "181acb6586785f8c7afd012806722ba9bf01fdfe65e3ef267b6764a26fe3d46b5bc72d2406fe8e1b32ae02c18cef96e41b0180164b79e88c20dbc4b75d366048"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cssstyle@1.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsakas/CSSStyleDeclaration"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsakas/CSSStyleDeclaration/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsakas/CSSStyleDeclaration.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/data-urls@1.1.0",
+ "name": "data-urls",
+ "version": "1.1.0",
+ "description": "Parses data: URLs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "61359823db1ed4fe79bb9f202f91a44075b83fa549049e62053f81e5aee2d938da761bf9da96891b4a875f8034391ebfb79da8748eb828fd98bc5a640ce8b779"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/data-urls@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/data-urls#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/data-urls/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/data-urls.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/whatwg-mimetype@2.3.0",
+ "name": "whatwg-mimetype",
+ "version": "2.3.0",
+ "description": "Parses, serializes, and manipulates MIME types, according to the WHATWG MIME Sniffing Standard",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "338c8cc2bea6027433efa4db266f75e3e80fa41fe70b0bd96c9536f1c503e9d474d38480c432ce39251a07524346a2ed68e57fbe2d080b9944006160ae31affe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/whatwg-mimetype@2.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/whatwg-mimetype#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/whatwg-mimetype/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/whatwg-mimetype.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/whatwg-url@7.1.0",
+ "name": "whatwg-url",
+ "version": "7.1.0",
+ "description": "An implementation of the WHATWG URL Standard's URL API and parsing machinery",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "594bbb460d43ae833ba10bc659f3a200adb59fbe0683e4f87a55c441890e86dc8b7968891683862d73ca23ff60cc889ef42b7054b9bcc2dc3a60974acb14a37a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/whatwg-url@7.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/whatwg-url#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/whatwg-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/whatwg-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.sortby@4.7.0",
+ "name": "lodash.sortby",
+ "version": "4.7.0",
+ "description": "The lodash method `_.sortBy` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.sortby@4.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tr46@1.0.1",
+ "name": "tr46",
+ "version": "1.0.1",
+ "description": "An implementation of the Unicode TR46 spec",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a8b13fd6bfd2489519674ccde55ba3693b706d09"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tr46@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Sebmaster/tr46.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Sebmaster/tr46.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Sebmaster/tr46.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/webidl-conversions@4.0.2",
+ "name": "webidl-conversions",
+ "version": "4.0.2",
+ "description": "Implements the WebIDL algorithms for converting to and from JavaScript values",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "610f819b1b9381de945d95b7f880867f2a91c875d5943e46b50af9faa8e2356edb17472aaf35f9d341d55cf04ebe05dbe589f30ddfa1d33ab2bfad4a503efe4a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/webidl-conversions@4.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/webidl-conversions#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/webidl-conversions/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/webidl-conversions.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/domexception@1.0.1",
+ "name": "domexception",
+ "version": "1.0.1",
+ "description": "An implementation of the DOMException class from browsers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ada8a03249fb08934da3a221ae8d5fcc6ef0af77c7b98572b73aae64a5f99f4ca2cc6b137188337485308f55fda4ad15be37a2855f9789c94ff838f06ec48aba"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/domexception@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/domexception#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/domexception/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/domexception.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/escodegen@1.14.3",
+ "name": "escodegen",
+ "version": "1.14.3",
+ "description": "ECMAScript code generator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a85717d17264760f8f077c636591bfc0a4ae4f53e7416c79efe4d54a320c9882dddb20bfe81c981253f0267b250ecb96b92029e00c091ae99aac002625c8792b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/escodegen@1.14.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/estools/escodegen"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/estools/escodegen/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/estools/escodegen.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/esprima@4.0.1",
+ "name": "esprima",
+ "version": "4.0.1",
+ "description": "ECMAScript parsing infrastructure for multipurpose analysis",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "786b85170ed4a5d6be838a7e407be75b44724d7fd255e2410ccfe00ad30044ed1c2ee4f61dc10a9d33ef86357a6867aaac207fb1b368a742acce6d23b1a594e0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/esprima@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://esprima.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jquery/esprima/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jquery/esprima.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/estraverse@4.3.0",
+ "name": "estraverse",
+ "version": "4.3.0",
+ "description": "ECMAScript JS AST traversal functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dfd9e729f7d6cfcc4dd4153fd9cefd9fd9c1f470f3a349e2614ab1eb1caa527ca8027432c96a4e4dd6447a209c87c041bb9d79b78c29f599a055f5619fd101a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/estraverse@4.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/estools/estraverse"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/estools/estraverse/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/estools/estraverse.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/esutils@2.0.3",
+ "name": "esutils",
+ "version": "2.0.3",
+ "description": "utility box for ECMAScript language tools",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "915b1ca97938382a7af126747648042958baffc8a3df4d0a0564c9ab7d8ffdd61e5934b02b8d56c93c5a94dd5e46603967d514fcb5fd0fb1564a657d480631ea"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/esutils@2.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/estools/esutils"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/estools/esutils/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/estools/esutils.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/optionator@0.8.3",
+ "name": "optionator",
+ "version": "0.8.3",
+ "description": "option parsing and help generation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f885bda4009d9375d69a64d71bc9b7ba919426cb795d11b3c4c4635f302e2755e720536f7e18e322e6240efcac9cf43bab3a95ccbb7bf010abba7b6a4615906c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/optionator@0.8.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/gkz/optionator"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/gkz/optionator/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/gkz/optionator.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/deep-is@0.1.3",
+ "name": "deep-is",
+ "version": "0.1.3",
+ "description": "node's assert.deepEqual algorithm except for NaN being equal to NaN",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b369d6fb5dbc13eecf524f91b070feedc357cf34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/deep-is@0.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/thlorenz/deep-is#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/thlorenz/deep-is/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/thlorenz/deep-is.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fast-levenshtein@2.0.6",
+ "name": "fast-levenshtein",
+ "version": "2.0.6",
+ "description": "Efficient implementation of Levenshtein algorithm with locale-specific collator support.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3d8a5c66883a16a30ca8643e851f19baa7797917"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fast-levenshtein@2.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/hiddentao/fast-levenshtein#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/hiddentao/fast-levenshtein/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/hiddentao/fast-levenshtein.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/levn@0.3.0",
+ "name": "levn",
+ "version": "0.3.0",
+ "description": "Light ECMAScript (JavaScript) Value Notation - human written, concise, typed, flexible",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3b09924edf9f083c0490fdd4c0bc4421e04764ee"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/levn@0.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/gkz/levn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/gkz/levn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/gkz/levn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/prelude-ls@1.1.2",
+ "name": "prelude-ls",
+ "version": "1.1.2",
+ "description": "prelude.ls is a functionally oriented utility library. It is powerful and flexible. Almost all of its functions are curried. It is written in, and is the recommended base library for, LiveScript.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "21932a549f5e52ffd9a827f570e04be62a97da54"
+ }
+ ],
+ "purl": "pkg:npm/prelude-ls@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://preludels.com"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/gkz/prelude-ls/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/gkz/prelude-ls.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/type-check@0.3.2",
+ "name": "type-check",
+ "version": "0.3.2",
+ "description": "type-check allows you to check the types of JavaScript values at runtime with a Haskell like type syntax.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5884cab512cf1d355e3fb784f30804b2b520db72"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/type-check@0.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/gkz/type-check"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/gkz/type-check/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/gkz/type-check.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/word-wrap@1.2.3",
+ "name": "word-wrap",
+ "version": "1.2.3",
+ "description": "Wrap words to a specified length.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1f3fe6acdc22b4d461fc7500b4cfd54ffe551feca00fa0d5ee660a640b473ab6ecf14ee5bcf4bac5fec424a305d2e5b52890a5d07ef4d60dd91aeb3e9ae139bd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/word-wrap@1.2.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonschlinkert/word-wrap"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonschlinkert/word-wrap/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonschlinkert/word-wrap.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/html-encoding-sniffer@1.0.2",
+ "name": "html-encoding-sniffer",
+ "version": "1.0.2",
+ "description": "Sniff the encoding from a HTML byte stream",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ef5959ce28839ecb9a6df7588947967425722aeab05a2db72fc61e22057d8d24991c2b5beb007504a5a8a07ecbded9f8fc5b9924c556c8d6880ebe111a669263"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/html-encoding-sniffer@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/html-encoding-sniffer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/html-encoding-sniffer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/html-encoding-sniffer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/whatwg-encoding@1.0.5",
+ "name": "whatwg-encoding",
+ "version": "1.0.5",
+ "description": "Decode strings according to the WHATWG Encoding Standard",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6f99629b9e0938f37d1edcef2bd1c55ef0666bfae77c57aab22734852a63b436d5c51ddd24a2dcf8a07857a1a08863af97b098fca361f2bc52a3d0ca42b9d413"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/whatwg-encoding@1.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/whatwg-encoding#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/whatwg-encoding/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/whatwg-encoding.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/iconv-lite@0.4.24",
+ "name": "iconv-lite",
+ "version": "0.4.24",
+ "description": "Convert character encodings in pure javascript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bf73179d901cbe7cb091350466898801cb657bb4575de79d391df5c3097b565ca85cee108bd6abbd27a73505a77b54dc4708422f51f02c8db56c4a9da63f3fac"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/iconv-lite@0.4.24",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ashtuchkin/iconv-lite"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ashtuchkin/iconv-lite/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ashtuchkin/iconv-lite.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/left-pad@1.3.0",
+ "name": "left-pad",
+ "version": "1.3.0",
+ "description": "String left pad",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5c8e4c3f354d0298c0ca1433a615fc06498ab0a5310f82ddc8adb88997901a29c137dc93413ddb165081cbf695c761eb35ca901ac768b7c821ae3cabbcc0a810"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "WTFPL"
+ }
+ }
+ ],
+ "purl": "pkg:npm/left-pad@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stevemao/left-pad#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stevemao/left-pad/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/stevemao/left-pad.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/nwsapi@2.2.0",
+ "name": "nwsapi",
+ "version": "2.2.0",
+ "description": "Fast CSS Selectors API Engine",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "87601ab5dc181fe247899a6fee9b7f8125f55e84466fb2ffa9221ebaa03a1b062817dc35bcfd5cc38d933b4688da9372b2144ae7cf7784d4a5fb5fffbc72bb85"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/nwsapi@2.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://javascript.nwbox.com/nwsapi/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/dperini/nwsapi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/dperini/nwsapi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parse5@4.0.0",
+ "name": "parse5",
+ "version": "4.0.0",
+ "description": "HTML parsing/serialization toolset for Node.js. WHATWG HTML Living Standard (aka HTML5)-compliant.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "56b67b78e7774f5164e1758d5cc8221812bfcf4306e3c0561b6b90354e08ef67e442e2944d9a65faef64f82c441b4b70315cd2997104cf5db3e459f0d6321014"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parse5@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/inikulin/parse5"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/inikulin/parse5/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/inikulin/parse5.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pn@1.1.0",
+ "name": "pn",
+ "version": "1.1.0",
+ "description": "Promisify the node standard library.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "daa1da210af654b445a317b69c04b3b15e9e7f8c8e387f858bd1413951fa72a7928149e8cb248f664c732eecddf9160e41346944e034ced4ccab144e2926ff9c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pn@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cscott/node-pn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cscott/node-pn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/cscott/node-pn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/request-promise-native@1.0.9",
+ "name": "request-promise-native",
+ "version": "1.0.9",
+ "description": "The simplified HTTP request client 'request' with Promise support. Powered by native ES6 promises.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c1c5beb085225a72a0358d1da82a4e66451b17f23e60f8be7f4f496480dadfd11cfaaf360a94989e20e9f884a04d36ca9a7a4958049e2413d99a8c47f38c2dde"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/request-promise-native@1.0.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/request/request-promise-native#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/request/request-promise-native/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/request/request-promise-native.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/request-promise-core@1.1.4",
+ "name": "request-promise-core",
+ "version": "1.1.4",
+ "description": "Core Promise support implementation for the simplified HTTP request client 'request'.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4d36c07c10517560fb68d34ea153811f8a4dfca8a057a2f26a960d36500f03c2706e8bd1b62d44f3c9b7b18030b0b8b9af284f2ac13d00fc278c54e07548d3a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/request-promise-core@1.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/request/promise-core#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/request/promise-core/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/request/promise-core.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/stealthy-require@1.1.1",
+ "name": "stealthy-require",
+ "version": "1.1.1",
+ "description": "The closest you can get to require something with bypassing the require cache",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "35b09875b4ff49f26a777e509b3090a3226bf24b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/stealthy-require@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/analog-nico/stealthy-require#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/analog-nico/stealthy-require/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/analog-nico/stealthy-require.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sax@1.2.4",
+ "name": "sax",
+ "version": "1.2.4",
+ "description": "An evented streaming XML parser in JavaScript",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "36a543bfd4e900d523166d0df2e3391b12f7e9480a8bdfdab59c3ec7b6059d0f1c9301462ab978c57e325adadecb75099b99cfd6451b9d880ba29a963524615b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sax@1.2.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/sax-js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/sax-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/sax-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/symbol-tree@3.2.4",
+ "name": "symbol-tree",
+ "version": "3.2.4",
+ "description": "Turn any collection of objects into its own efficient tree or linked list using Symbol",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f50364e4ac0317e06fcfe3f239b9264988c8e64b15518b635bb014db6af634a71f2c9717a7dea1903594dfe5e774eb146fe010f5085fcdf093d8ef823564f94f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/symbol-tree@3.2.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/js-symbol-tree#symbol-tree"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/js-symbol-tree/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/js-symbol-tree.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/w3c-hr-time@1.0.2",
+ "name": "w3c-hr-time",
+ "version": "1.0.2",
+ "description": "An implementation of the W3C High Resolution Time Level 2 specification.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cfc3f90ef0cd8ca0e81481caeeaf2bf2569c913ea5fa3a3f61edc73a57bb97d9c808ff657f50a2db97f2f6f1ddd093967b09081735c81228374dd293ec94397d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/w3c-hr-time@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/w3c-hr-time#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/w3c-hr-time/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/w3c-hr-time.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/browser-process-hrtime@1.0.0",
+ "name": "browser-process-hrtime",
+ "version": "1.0.0",
+ "description": "Shim for process.hrtime in the browser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f68e5479c2371a192933a0eb5ebebd3db948b96c4f2a4f58d231c1461768719db2ed81020450ac1e6efd3ebdcec91d80be384391a6c525a0c931845acc782ca3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/browser-process-hrtime@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kumavis/browser-process-hrtime#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kumavis/browser-process-hrtime/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/kumavis/browser-process-hrtime.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/whatwg-url@6.5.0",
+ "name": "whatwg-url",
+ "version": "6.5.0",
+ "description": "An implementation of the WHATWG URL Standard's URL API and parsing machinery",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ae145946ac7f4cb250594a50e9b9abb76515e1fd07090e3adf242e38d26a0ba7ced95a046f5a5361d75b7b9f52918abcedaa0ce40ddb761319894895c2cf9fcd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/whatwg-url@6.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/whatwg-url#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/whatwg-url/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/whatwg-url.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ws@5.2.2",
+ "name": "ws",
+ "version": "5.2.2",
+ "description": "Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8da1c50fa3c5bfa520a0855d6baa99965a6d42c3250c42644d07326f3cd70d83355cef58f1e9baf7514630f98ce3a586c8b538cfd28c81037eaabbb1fe78651c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ws@5.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/websockets/ws"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/websockets/ws/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/websockets/ws.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/async-limiter@1.0.1",
+ "name": "async-limiter",
+ "version": "1.0.1",
+ "description": "asynchronous function queue with adjustable concurrency",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "72c3a558601c44525a23a9be17658a76730aaf81e1761155064d07fd06c914c0abfae3b6930a21c1740fc70ffd382c69d39af9821541152ca2a22c71de07e435"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/async-limiter@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/strml/async-limiter#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/strml/async-limiter/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/strml/async-limiter.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/xml-name-validator@3.0.0",
+ "name": "xml-name-validator",
+ "version": "3.0.0",
+ "description": "Validates whether a string matches the production for an XML name or qualified name",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "039094a6dc43b2fc4a244537c8ee83b96052273fea8b3ab324a38c21f5091c44db070fec15a0f181de9fc66d5ec1468cd23678e3815ce6f0b944e62eae0ff83f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/xml-name-validator@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jsdom/xml-name-validator#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jsdom/xml-name-validator/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jsdom/xml-name-validator.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-environment-node@24.9.0",
+ "name": "jest-environment-node",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e9de15d9fe27c73233c1e9dda36ed3af46859be21759ad171149da1fa9d4d0531aa33c68bedfac7d1be1e09e3bc0bd4ebc5f372374924eed172be8b806a7bbb8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-environment-node@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-validate@24.9.0",
+ "name": "jest-validate",
+ "version": "24.9.0",
+ "description": "Generic configuration validation tool that helps you with warnings, errors and deprecation messages as well as showing users examples of correct configuration.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1cf22de82e400b08aa4a2c22f8e7d24876caf2c1bb6a41bc7804e5f883ca69e223b4f39e05477f83727b0e086e833c6b1a323ddea4bff913ca7b51fa3eabe145"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-validate@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/camelcase@5.3.1",
+ "name": "camelcase",
+ "version": "5.3.1",
+ "description": "Convert a dash/dot/underscore/space separated string to camelCase or PascalCase: `foo-bar` → `fooBar`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f6f124c1d7bd27c164badd48ed944384ddd95d400a5a257664388d6e3057f37f7ad1b8f7a01da1deb3279ef98c50f96e92bd10d057a52b74e751891d79df026"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/camelcase@5.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/camelcase#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/camelcase/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/camelcase.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/leven@3.1.0",
+ "name": "leven",
+ "version": "3.1.0",
+ "description": "Measure the difference between two strings using the fastest JS implementation of the Levenshtein distance algorithm",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "aac75af87f234da51a37fc79bf35b6af373ef11c384c043fe0a8c1e3a2302b9547f8895579e7a37bf128651a625ef22a8c580af3841f7ea3f3b462375412c6d4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/leven@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/leven#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/leven/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/leven.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yargs@13.3.2",
+ "name": "yargs",
+ "version": "13.3.2",
+ "description": "yargs the modern, pirate-themed, successor to optimist.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "017dd9c3988faee37989eeb119120382a913f9986746564c2cc1c0b3cb60ee746bbb2d8d6fe8b9a3d6f082102882d334f2ad5da6bd8b5684bc2924cc62959753"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yargs@13.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://yargs.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/yargs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/yargs/yargs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cliui@5.0.0",
+ "name": "cliui",
+ "version": "5.0.0",
+ "description": "easily create complex multi-column command-line-interfaces",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3d87864849a61cceb3be879fdb0f133f396b9cda572234e2a582bbf3462cc2620ff6f8f199de98d9adc20762acebf014f0d1e366e817be8f30de858cdaa9f05c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cliui@5.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/cliui#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/cliui/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/cliui.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string-width@3.1.0",
+ "name": "string-width",
+ "version": "3.1.0",
+ "description": "Get the visual width of a string - the number of columns required to display it",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bda7dcbfa2a3559292833d3aa0cfc7e860c1ac0b73f2f76141a9068c522f36b1c0eb2dc7085d422272f2f902eaf1d4c93d0d5bf8a0d4a8315cb647515b8e1ed7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string-width@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/string-width#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/string-width/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/string-width.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/emoji-regex@7.0.3",
+ "name": "emoji-regex",
+ "version": "7.0.3",
+ "description": "A regular expression to match all Emoji-only symbols as per the Unicode Standard.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0b004b444210ecbbd8141d16c91bf086ae4de6a3e173a3cc8c3e9b620805948e58c83825fb4bf1ab95476cc385a8b83b85f5b39aef13e59d50a1f8664c8848b4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/emoji-regex@7.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://mths.be/emoji-regex"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/emoji-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/emoji-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-fullwidth-code-point@2.0.0",
+ "name": "is-fullwidth-code-point",
+ "version": "2.0.0",
+ "description": "Check if the character represented by a given Unicode code point is fullwidth",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a3b30a5c4f199183167aaab93beefae3ddfb654f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-fullwidth-code-point@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-ansi@5.2.0",
+ "name": "strip-ansi",
+ "version": "5.2.0",
+ "description": "Strip ANSI escape codes from a string",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0ee46cd6029b06ab0c288665adf7f096e83c30791c9e98ece553e62f53c087e980df45340d3a2d7c3674776514b17a4f98f98c309e96efbdcc680dc9fa56e258"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-ansi@5.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/strip-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/strip-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/strip-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/wrap-ansi@5.1.0",
+ "name": "wrap-ansi",
+ "version": "5.1.0",
+ "description": "Wordwrap a string with ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "402d7f88dff6fd13d52798d82bc046b6d8f9cfcdcb9922a6bdbbeb5cf3422d94846f7d8a2950c90e5fcc3add8dd35a94d87fc593311af4f2ada3506a0e3b5ded"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/wrap-ansi@5.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/wrap-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/wrap-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/wrap-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-caller-file@2.0.5",
+ "name": "get-caller-file",
+ "version": "2.0.5",
+ "description": "[](https://travis-ci.org/stefanpenner/get-caller-file) [](https://ci.appveyor.com/project/embercli/get-caller-file/branch/master)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0f214fdc133fdd81d340e0942ffc343991d1d25a4a786af1a2d70759ca8d11d9e5b6a1705d57e110143de1e228df801f429a34ac6922e1cc8889fb58d3a87616"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-caller-file@2.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stefanpenner/get-caller-file#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stefanpenner/get-caller-file/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stefanpenner/get-caller-file.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/require-directory@2.1.1",
+ "name": "require-directory",
+ "version": "2.1.1",
+ "description": "Recursively iterates over specified directory, require()'ing each file, and returning a nested hash structure containing those modules.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8c64ad5fd30dab1c976e2344ffe7f792a6a6df42"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/require-directory@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/troygoode/node-require-directory/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/troygoode/node-require-directory/issues/"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/troygoode/node-require-directory.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/set-blocking@2.0.0",
+ "name": "set-blocking",
+ "version": "2.0.0",
+ "description": "set blocking stdio and stderr ensuring that terminal output does not truncate",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "045f9782d011ae9a6803ddd382b24392b3d890f7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/set-blocking@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/set-blocking#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/set-blocking/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/yargs/set-blocking.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/which-module@2.0.0",
+ "name": "which-module",
+ "version": "2.0.0",
+ "description": "Find the module object for something that was require()d",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d9ef07dce77b9902b8a3a8fa4b31c3e3f7e6e87a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/which-module@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/nexdrew/which-module#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/nexdrew/which-module/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/nexdrew/which-module.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/y18n@4.0.0",
+ "name": "y18n",
+ "version": "4.0.0",
+ "description": "the bare-bones internationalization library used by yargs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "afd4bf6725eefd7bbdab5b58969b0b22c6b711e2d75e4d15c25c6a4dc1517e0f4484c5bed7b91bb7d1b436b8029a119be6f4f687284964b7c31b1fbbfb9523ff"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/y18n@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/y18n"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/y18n/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/y18n.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yargs-parser@13.1.2",
+ "name": "yargs-parser",
+ "version": "13.1.2",
+ "description": "the mighty option parser used by yargs",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "de56ec3517ff8fe03842e4997c3440ec74527d6af33b4623a9325de648c0ab7ed97a9d421206989ab1fd4371b03e207d707c9dd58d54c208068491a8c62a5bce"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yargs-parser@13.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/yargs-parser#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/yargs-parser/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/yargs-parser.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/decamelize@1.2.0",
+ "name": "decamelize",
+ "version": "1.2.0",
+ "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f6534d15148269b20352e7bee26f501f9a191290"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/decamelize@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/decamelize#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/decamelize/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/decamelize.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-notifier@5.4.3",
+ "name": "node-notifier",
+ "version": "5.4.3",
+ "description": "A Node.js module for sending notifications on native Mac, Windows (post and pre 8) and Linux (or Growl as fallback)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "33850119cb388de38af428d3b18c24bc7ebf333b949860b24d6fa4098eee3bed5956bd3e14719d3dd21fe4208ba806b19d1ad689dca8425364308215c1b281f1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-notifier@5.4.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mikaelbr/node-notifier#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mikaelbr/node-notifier/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/mikaelbr/node-notifier.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/growly@1.3.0",
+ "name": "growly",
+ "version": "1.3.0",
+ "description": "Simple zero-dependency Growl notifications using GNTP.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f10748cbe76af964b7c96c93c6bcc28af120c081"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/growly@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/theabraham/growly#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/theabraham/growly/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/theabraham/growly.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-wsl@1.1.0",
+ "name": "is-wsl",
+ "version": "1.1.0",
+ "description": "Check if the process is running inside Windows Subsystem for Linux (Bash on Windows)",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1f16e4aa22b04d1336b66188a66af3c600c3a66d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-wsl@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-wsl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-wsl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-wsl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shellwords@0.1.1",
+ "name": "shellwords",
+ "version": "0.1.1",
+ "description": "Manipulate strings according to the word parsing rules of the UNIX Bourne shell.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bc5c1251f42fab26e2202c19639f8301620f2cab163b7d50f752522a5dd462ff8ae5cd9044fce7d2acde73a40fbb541cf5e1d822d88fdcd749a8d56a7ad600c3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shellwords@0.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jimmycuadra/shellwords"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jimmycuadra/shellwords/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/jimmycuadra/shellwords.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string-length@2.0.0",
+ "name": "string-length",
+ "version": "2.0.0",
+ "description": "Get the real length of a string - by correctly counting astral symbols and ignoring ansi escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d40dbb686a3ace960c1cffca562bf2c45f8363ed"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string-length@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/string-length#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/string-length/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/string-length.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/astral-regex@1.0.0",
+ "name": "astral-regex",
+ "version": "1.0.0",
+ "description": "Regular expression for matching astral symbols",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f91c9fea0dc12a845cee37e9eda77cb4ce13b4c89a5af6c5ff5fec41c64f9244bb6a0dc3e6730109ed947ce4ce36d024686d2d3b48a3dc2e4bc267f5122ca31e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/astral-regex@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kevva/astral-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kevva/astral-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kevva/astral-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-ansi@4.0.0",
+ "name": "strip-ansi",
+ "version": "4.0.0",
+ "description": "Strip ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a8479022eb1ac368a871389b635262c505ee368f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-ansi@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/strip-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/strip-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/strip-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-regex@3.0.0",
+ "name": "ansi-regex",
+ "version": "3.0.0",
+ "description": "Regular expression for matching ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ed0317c322064f79466c02966bddb605ab37d998"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-regex@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-escapes@3.2.0",
+ "name": "ansi-escapes",
+ "version": "3.2.0",
+ "description": "ANSI escape codes for manipulating the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "701869adee266be5344f5a0ce5f5e0ec3cb5270ef3cf0bfb96dfc6a02a6bfa10d02686272953cb2f8742bd210532642eace42f4abc13ed22ff0c0961048f7b45"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-escapes@3.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/ansi-escapes#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/ansi-escapes/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/ansi-escapes.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-changed-files@24.9.0",
+ "name": "jest-changed-files",
+ "version": "24.9.0",
+ "description": "A module used internally by Jest to check which files have changed since you last committed in git or hg.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e9a4d6a5eda61c5d0384bdbc5a37643bc2f21a3b37cc8b4f113e1b31279753a4f7b9be053ccc3e99c39c6dd19740e01f98b731a1f0f6dffe4197d678024170aa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-changed-files@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-resolve-dependencies@24.9.0",
+ "name": "jest-resolve-dependencies",
+ "version": "24.9.0",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "166edbe809569d8853d015f2e215e969cb4722a111edeacd808b08a330d75a5e5d566fa4f1774655ed684e0d49c9a1673b16ab3046dac77c32449a863f63eafa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-resolve-dependencies@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/facebook/jest#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jest-watcher@24.9.0",
+ "name": "jest-watcher",
+ "version": "24.9.0",
+ "description": "Delightful JavaScript Testing.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fbf7cb39f28f5d76090d8964b3adbfe11e06a13f86535b5865e77df494823ac9b392417bef6ed1a8aae3340c6d7cee18a46bf5d70c9b811bc28d1ef794ad8667"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jest-watcher@24.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://jestjs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/facebook/jest/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/facebook/jest.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-each-series@1.0.0",
+ "name": "p-each-series",
+ "version": "1.0.0",
+ "description": "Iterate over promises serially",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "930f3d12dd1f50e7434457a22cd6f04ac6ad7f71"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-each-series@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-each-series#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-each-series/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-each-series.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-reduce@1.0.0",
+ "name": "p-reduce",
+ "version": "1.0.0",
+ "description": "Reduce a list of values using promises into a promise for a value",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "18c2b0dd936a4690a529f8231f58a0fdb6a47dfa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-reduce@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-reduce#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-reduce/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-reduce.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/prompts@2.3.2",
+ "name": "prompts",
+ "version": "2.3.2",
+ "description": "Lightweight, beautiful and user-friendly prompts",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "434eae2acd8290d615203d15ab07c097d9a2a68f7dce406ffe7d89b5663cf58c5add969b592aecd1ed8a4ee74a55ade978b52f61731e7c3a8895e2cf55405930"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/prompts@2.3.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/terkelg/prompts#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/terkelg/prompts/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/terkelg/prompts.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/kleur@3.0.3",
+ "name": "kleur",
+ "version": "3.0.3",
+ "description": "The fastest Node.js library for formatting terminal text with ANSI colors~!",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "793233955392511f89c5d0c57a911870132d67d42a75e7feae7cd675166e31b3b2c2ee6d3b6c3637baea8e800d67993dbf2c212fa06bd55463508813431e04f3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/kleur@3.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukeed/kleur#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukeed/kleur/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukeed/kleur.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sisteransi@1.0.5",
+ "name": "sisteransi",
+ "version": "1.0.5",
+ "description": "ANSI escape codes for some terminal swag",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6cb186951d50c417329e7d9de589835f83068e566fcb631104344d1cb27c548ea5ebef45522c9314d27422f78e48fd1b7178150cf45c7c6a80d298daa94a5f56"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sisteransi@1.0.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/terkelg/sisteransi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/terkelg/sisteransi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/terkelg/sisteransi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/npm-run-all@4.1.5",
+ "name": "npm-run-all",
+ "version": "4.1.5",
+ "description": "A CLI tool to run multiple npm-scripts in parallel or sequential.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3a8f368090c055c68c762de7ba82856af9081c1455a90d6abcc6fef4b1e4fdc1783fa0769bc68fd388467fba0beb067d06e1b05f5a2794b869ba8a1f4b2a100d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/npm-run-all@4.1.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mysticatea/npm-run-all"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mysticatea/npm-run-all/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mysticatea/npm-run-all.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/memorystream@0.3.1",
+ "name": "memorystream",
+ "version": "0.3.1",
+ "description": "This is lightweight memory stream module for node.js.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "86d7090b30ce455d63fbae12dda51a47ddcaf9b2"
+ }
+ ],
+ "purl": "pkg:npm/memorystream@0.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/JSBizon/node-memorystream"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/JSBizon/node-memorystream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/JSBizon/node-memorystream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pidtree@0.3.1",
+ "name": "pidtree",
+ "version": "0.3.1",
+ "description": "Cross platform children list of a PID",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a906d6f7884b1c4a8283b9e16f2e32442ec6dbe8d81d8e1182e7366e3c3b52e83818826ebb5b6f7f6b87699bf943ccddb7e58a27aa8ad45388e9a99a594a3914"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pidtree@0.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/simonepri/pidtree#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/simonepri/pidtree/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/simonepri/pidtree.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shell-quote@1.7.2",
+ "name": "shell-quote",
+ "version": "1.7.2",
+ "description": "quote and parse shell commands",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "991cff9bf255b1c0ab90cc8fa8773f6dcce2dce40790b4ea5c7105bb4cc384afea7efdd470e03849599108b9a8b386e18ebf5e91542e6e3fd1ef068a6a99a242"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shell-quote@1.7.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/node-shell-quote"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/node-shell-quote/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/substack/node-shell-quote.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string.prototype.padend@3.1.0",
+ "name": "string.prototype.padend",
+ "version": "3.1.0",
+ "description": "ES2017 spec-compliant String.prototype.padEnd shim.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dda22ff057dda7c1198fc88bc11106a506946623f2ad6ae9ccc047be48925bf6cafc41af7bd9e9d3b570cbb209e706b2769197cd066efc5f0ecdedbf21690168"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string.prototype.padend@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/es-shims/String.prototype.padEnd#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/es-shims/String.prototype.padEnd/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/es-shims/String.prototype.padEnd.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pm-srp@1.0.0",
+ "name": "pm-srp",
+ "version": "1.0.0",
+ "description": "ProtonMail SRP and auth library",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pm-srp@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/pm-srp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/pm-srp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ProtonMail/pm-srp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/esm@3.2.25",
+ "name": "esm",
+ "version": "3.2.25",
+ "description": "Tomorrow's ECMAScript modules today!",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "535b2e899da80d55afe333cee7a4b435c47942b8846a11ad74dd8e47a162386e1626f723055141d2a238f9e2a85851f8f373ca1ae2eebba57c6784f983add454"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/esm@3.2.25",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/standard-things/esm#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/standard-things/esm/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/standard-things/esm.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pmcrypto@6.3.11",
+ "name": "pmcrypto",
+ "version": "6.3.11",
+ "description": "[](https://circleci.com/gh/ProtonMail/pmcrypto)",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pmcrypto@6.3.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/pmcrypto#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/pmcrypto/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ProtonMail/pmcrypto.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/openpgp@4.4.12",
+ "group": "@types",
+ "name": "openpgp",
+ "version": "4.4.12",
+ "description": "TypeScript definitions for openpgp",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f2f7742d03b8390c375ae783498019731948b720d68bb342797a31bc221e3d14599d7e14f687432d8e6b2bb8479d782711ab50815623b56a02e6d13bac7044a8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/openpgp@4.4.12",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/bn.js@4.11.6",
+ "group": "@types",
+ "name": "bn.js",
+ "version": "4.11.6",
+ "description": "TypeScript definitions for bn.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a6aafce7b8eba7690fb8ef6e4636773f09c94e3a10cbe7dc771bc14ef1e6e9d92610bf6afa10c3ff68ffd042ce04fb4f9d2f0b8c25f4808f676e5f2556469da6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/bn.js@4.11.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/node@14.0.24",
+ "group": "@types",
+ "name": "node",
+ "version": "14.0.24",
+ "description": "TypeScript definitions for Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6edb7fa0d3a20d6712b88ef6d4c74bf154069e3b0a8e54cc76b2b24dc2c229e429fe7e0000c149f7ad7031ba7ed3dcbc5ae18f0a50c4bf4ed1208b5d5ca21700"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/node@14.0.24",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/openpgp@4.10.7",
+ "name": "openpgp",
+ "version": "4.10.7",
+ "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fbb1240ff6ed9ef2321a4b25074a775b5db7bbf75a8cc05c7f331f3887af95904fbc258b2571b380d14c3390985d43484de054a710b1c201de9e2aabf947c449"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "LGPL-3.0+"
+ }
+ }
+ ],
+ "purl": "pkg:npm/openpgp@4.10.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://openpgpjs.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/openpgpjs/openpgpjs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/openpgpjs/openpgpjs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/asn1.js@5.4.1",
+ "name": "asn1.js",
+ "version": "5.4.1",
+ "description": "ASN.1 encoder and decoder",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f88fffe1c60f71c57c2dd9812e25fc098bdff52a77bd0b2baaed9035745cadb896bdcc7f51d9458aa509273c5143182c666be15e19f871229e4a6a058d576ea4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/asn1.js@5.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/indutny/asn1.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/indutny/asn1.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/indutny/asn1.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/bn.js@4.11.9",
+ "name": "bn.js",
+ "version": "4.11.9",
+ "description": "Big number implementation in pure javascript",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "13a42862a08a65f81ab474dd1f3b3545128fee2a78bef9be132454784d9117435b97056f6f4a7a8d255e353385c4f9f6e905cdda8e9231f3712a9ea453ccd06b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/bn.js@4.11.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/indutny/bn.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/indutny/bn.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/indutny/bn.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/minimalistic-assert@1.0.1",
+ "name": "minimalistic-assert",
+ "version": "1.0.1",
+ "description": "minimalistic-assert ===",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "52d25c003e3211a1ad8cf7b35ae3bdc02e27c149d51fff3f226df210740fe1bebb717943fd0afd85d213094d710db4845e0d9728d68ff23b11795eef41dd34fc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/minimalistic-assert@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/calvinmetcalf/minimalistic-assert"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/calvinmetcalf/minimalistic-assert/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/calvinmetcalf/minimalistic-assert.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-fetch@2.6.0",
+ "name": "node-fetch",
+ "version": "2.6.0",
+ "description": "A light-weight module that brings window.fetch to node.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f1d1b81f9ba37ef162a83995bbd7d0e5b387502d7924c8cc63f66e9afdbaa0ebef5498ccebb285f24a0258869b290d462486bdaf698c66c701abf4db74e72634"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-fetch@2.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/bitinn/node-fetch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/bitinn/node-fetch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/bitinn/node-fetch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-localstorage@1.3.1",
+ "name": "node-localstorage",
+ "version": "1.3.1",
+ "description": "A drop-in substitute for the browser native localStorage API that runs on node.js.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "34c58249659ce896c74f93f25a5353da2f2becf806617567b6629ac18f3793f33450949c6798e2adbeb54cb9ea2b077cd790df050bbe951dec470d3c48fcc869"
+ }
+ ],
+ "purl": "pkg:npm/node-localstorage@1.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lmaccherone/node-localstorage"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lmaccherone/node-localstorage/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/lmaccherone/node-localstorage.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/write-file-atomic@1.3.4",
+ "name": "write-file-atomic",
+ "version": "1.3.4",
+ "description": "Write files in an atomic fashion w/configurable ownership",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f807a4f0b1d9e913ae7a48112e6cc3af1991b45f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/write-file-atomic@1.3.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/iarna/write-file-atomic"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/iarna/write-file-atomic/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/iarna/write-file-atomic.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/slide@1.1.6",
+ "name": "slide",
+ "version": "1.1.6",
+ "description": "A flow control lib small enough to fit on in a slide presentation. Derived live at Oak.JS",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "56eb027d65b4d2dce6cb2e2d32c4d4afc9e1d707"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/slide@1.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/slide-flow-control#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/slide-flow-control/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/slide-flow-control.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/popper.js@1.16.1",
+ "name": "popper.js",
+ "version": "1.16.1",
+ "description": "A kickass library to manage your poppers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "59be29d49e33c854db33ebba5ae3b85ecb58c782b2f427b07b80d6ade97b074c3a555202bcfc1d3a9a2d8f371fe9e0fc4ec72456720c34e350c8f21414e51b09"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/popper.js@1.16.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://popper.js.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/FezVrasta/popper.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/FezVrasta/popper.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/prettier@1.19.1",
+ "name": "prettier",
+ "version": "1.19.1",
+ "description": "Prettier is an opinionated code formatter",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b3b3e8c83bff208d4e6e042e9c26c1f4f74b99470165c9d639cc4387b3b437f5300c4b07caa916f90876f235be995b82771ee02c1d01a2d608d58eae23d8b27b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/prettier@1.19.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://prettier.io"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/prettier/prettier/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/prettier/prettier.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/proton-i18n@2.1.5",
+ "name": "proton-i18n",
+ "version": "2.1.5",
+ "description": "CLI to manage translations for client apps",
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/proton-i18n@2.1.5"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-gettext-cli@1.1.2",
+ "name": "angular-gettext-cli",
+ "version": "1.1.2",
+ "description": "A command line interface for angular gettools",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-gettext-cli@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/huston007/angular-gettext-cli"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/huston007/angular-gettext-cli/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/huston007/angular-gettext-cli.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/angular-gettext-tools@2.5.3",
+ "name": "angular-gettext-tools",
+ "version": "2.5.3",
+ "description": "Tools for extracting/compiling angular-gettext strings.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fd2c813213f0312a1ab194577cc917b0ac5a0079031c7685af78c032a3ee877c06349f2cf4b7c728e1b370cd055b6986228b66175091a162a05081cc0b051872"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/angular-gettext-tools@2.5.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://angular-gettext.rocketeer.be/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/rubenv/angular-gettext-tools/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/rubenv/angular-gettext-tools.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/binary-search@1.3.6",
+ "name": "binary-search",
+ "version": "1.3.6",
+ "description": "tiny binary search function with comparators",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9db1355b13934eb51621fb1f678687198bb90ceb8d91bc46a248d5e99da4c5f24adee6806fcccd2b59aecce7a2a682c76632274f806bf3c047a737af73af35c4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/binary-search@1.3.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/darkskyapp/binary-search#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/darkskyapp/binary-search/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/darkskyapp/binary-search.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pofile@1.0.11",
+ "name": "pofile",
+ "version": "1.0.11",
+ "description": "Parse and serialize Gettext PO files.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "572f5e1f57510fdc078d8b7f42a5dc4f3f919d7ff3839df12be2a58c5497df43ef74331bdb3f9ceae0d479b9541aaa89833dd016c765034209bc7ce23e65ad42"
+ }
+ ],
+ "purl": "pkg:npm/pofile@1.0.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/rubenv/pofile"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/rubenv/pofile/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/rubenv/pofile.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/chalk@4.1.0",
+ "name": "chalk",
+ "version": "4.1.0",
+ "description": "Terminal string styling done right",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ab0c75d80c577b6439c50e3701cfff23abf96974e2a58ad211274e833acdfbd5e3804a728e92aebd219a378a84f777fb4d04e57ab410f12f844341320e854bd4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/chalk@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/chalk#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/chalk/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/chalk.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-styles@4.2.1",
+ "name": "ansi-styles",
+ "version": "4.2.1",
+ "description": "ANSI escape codes for styling strings in the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f551a3accb06d6f78fc5c4b0790b0ddb4298fdce3337487d7cb8ea01bc1b3df6a1337b7e34bf8cf470bcc5e5c6d88f295f93686a64c636ea26114148edf7148c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-styles@4.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-styles#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-styles/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-styles.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/color-name@1.1.1",
+ "group": "@types",
+ "name": "color-name",
+ "version": "1.1.1",
+ "description": "TypeScript definitions for color-name",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "aebf8e432023c737bb1a05ab49a270c9d1d2b48847ab696f63704e0b6323eca9f323b5cad14c354ce39d23d943a1a8c46d258b898828a387f5479d5ead07e13d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/color-name@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/color-convert@2.0.1",
+ "name": "color-convert",
+ "version": "2.0.1",
+ "description": "Plain color conversion functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4511023ec8fb8aeff16f9a0a61cb051d2a6914d9ec8ffe763954d129be333f9a275f0545df3566993a0d70e7c60be0910e97cafd4e7ce1f320dfc64709a12529"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/color-convert@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Qix-/color-convert#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Qix-/color-convert/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Qix-/color-convert.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/color-name@1.1.4",
+ "name": "color-name",
+ "version": "1.1.4",
+ "description": "A list of color names and its values",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "74ecbedc0b96ddadb035b64722e319a537208c6b8b53fb812ffb9b71917d3976c3a3c7dfe0ef32569e417f479f4bcb84a18a39ab8171edd63d3a04065e002c40"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/color-name@1.1.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/colorjs/color-name"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/colorjs/color-name/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/colorjs/color-name.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/supports-color@7.1.0",
+ "name": "supports-color",
+ "version": "7.1.0",
+ "description": "Detect whether a terminal supports color",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a11488a51f29c53d56af616ab9336719eb7bf5bdc15a58ea3aea16fe1e28061c49fc751b5f99d7e894abb9392f5c30853300cfbec6934dbbcc2ca6564b2d11e6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/supports-color@7.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/supports-color#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/supports-color/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/supports-color.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-flag@4.0.0",
+ "name": "has-flag",
+ "version": "4.0.0",
+ "description": "Check if argv has a specific flag",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1329094ff4352a34d672da698080207d23b4b4a56e6548e180caf5ee4a93ba6325e807efdc421295e53ba99533a170c54c01d30c2e0d3a81bf67153712f94c3d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-flag@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/has-flag#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/has-flag/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/has-flag.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dedent@0.7.0",
+ "name": "dedent",
+ "version": "0.7.0",
+ "description": "An ES6 string tag that strips indentation from multi-line strings",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2495ddbaf6eb874abb0e1be9df22d2e5a544326c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dedent@0.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dmnd/dedent"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dmnd/dedent/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/dmnd/dedent.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dotenv@8.2.0",
+ "name": "dotenv",
+ "version": "8.2.0",
+ "description": "Loads environment variables from .env file",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f2c27bf049696c32411cd781cd46d454bb2a29d71c69afc15c5d6e3d3c371abbd04c182b42bb4e6ebda652b137f2fcd877c704bfe9bf2417c32e2a1871f5e86b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dotenv@8.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/motdotla/dotenv#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/motdotla/dotenv/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/motdotla/dotenv.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/execa@4.0.3",
+ "name": "execa",
+ "version": "4.0.3",
+ "description": "Process execution for humans",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5850d71877245cf5995f5f6dd640ac5f33a9a97f4b59836a9f80be1ea66593f5748a64e4cc966a7fced9061be91da7ed1116249e99347e34b29675d5955808d0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/execa@4.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/execa#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/execa/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/execa.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cross-spawn@7.0.3",
+ "name": "cross-spawn",
+ "version": "7.0.3",
+ "description": "Cross platform child_process#spawn and child_process#spawnSync",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8910cf24a50f544343edd1cf3bcae46ce9cfa720f281c0c5b568e9796342832f163f6ad77315cbf13b2445e425e8eac1d86efe509ada82cd6ad7916e75cec6eb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cross-spawn@7.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/moxystudio/node-cross-spawn"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/moxystudio/node-cross-spawn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/moxystudio/node-cross-spawn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-key@3.1.1",
+ "name": "path-key",
+ "version": "3.1.1",
+ "description": "Get the PATH environment variable key cross-platform",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a2399e374a9dfb2d23b3312da18e3caf43deab97703049089423aee90e5fe3595f92cc17b8ab58ae18284e92e7c887079b6e1486ac7ee53aa6d889d2c0b844e9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-key@3.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-key#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-key/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-key.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shebang-command@2.0.0",
+ "name": "shebang-command",
+ "version": "2.0.0",
+ "description": "Get the command from a shebang",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "907c6bdb366962d766acdd6a0e3aeb5ff675ad1d641bc0f1fa09292b51b87979af5ecc26704d614d6056614ce5ada630d7fc99a7a62e0d8efb62dbdb3747660c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shebang-command@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kevva/shebang-command#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kevva/shebang-command/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kevva/shebang-command.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/shebang-regex@3.0.0",
+ "name": "shebang-regex",
+ "version": "3.0.0",
+ "description": "Regular expression for matching a shebang line",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "efef9d161b5cc77df9dee05aabc0c347836ec417ad0730bb6503a19934089c711de9b4ab5dd884cb30af1b4ed9e3851874b4a1594c97b7933fca1cfc7a471bd4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/shebang-regex@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/shebang-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/shebang-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/shebang-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/which@2.0.2",
+ "name": "which",
+ "version": "2.0.2",
+ "description": "Like which(1) unix command. Find the first instance of an executable in the PATH.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "04b2374e5d535b73ef97bd25df2ab763ae22f9ac29c17aac181616924a8cb676d782b303fb28fbae15b492e103c7325a6171a3116e6881aa4a34c10a34c8e26c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/which@2.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-which#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-which/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/node-which.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-stream@5.1.0",
+ "name": "get-stream",
+ "version": "5.1.0",
+ "description": "Get a stream as a string, buffer, or array",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "117af514ecebcd37c678bd2041d78512f38c9b69b330e825ca2397493a4f0be8808c029fb5baf78e908c5b29e883062733e7928fdb0719ceb08c8703bd88b283"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-stream@5.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/get-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/get-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/get-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/human-signals@1.1.1",
+ "name": "human-signals",
+ "version": "1.1.1",
+ "description": "Human-friendly process signals",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "48442eeef97c2a334bd9ea0604b177fb0023a6c35f03d5cc9570188ffdc475a35f025c4ab610f5c631107c6394865942186255358df86d1afa94f20d84d8f267"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/human-signals@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://git.io/JeluP"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ehmicky/human-signals/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ehmicky/human-signals.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-stream@2.0.0",
+ "name": "is-stream",
+ "version": "2.0.0",
+ "description": "Check if something is a Node.js stream",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5c2a32f96954afb775f99f06812b979a9b94142f5f3a145782524cc7e7702ca4e42f8e028dde16d59e4ff81419a6bf9c47ddda18fe12fecec5b70e8d77f92213"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-stream@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-stream#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-stream/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-stream.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/npm-run-path@4.0.1",
+ "name": "npm-run-path",
+ "version": "4.0.1",
+ "description": "Get your PATH prepended with locally installed binaries",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4b8f16cd95bbefbce1348ae7ee0c4e94848d02a8bd642fee4059d175b7881e1661080e94aa990e4fc4f51bb06f7dd80fe04afc805e2c51b692d22ed0bc87c25b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/npm-run-path@4.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/npm-run-path#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/npm-run-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/npm-run-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/onetime@5.1.0",
+ "name": "onetime",
+ "version": "5.1.0",
+ "description": "Ensure a function is only called once",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e4d71290f1e1c1354521037e4d4a97a12e7e7651251d7769016bbd2341cfdb460eb488be699d02b7cda376520b0f18cb1005b0be6faa8f59ba684b6c0d59a6e9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/onetime@5.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/onetime#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/onetime/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/onetime.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mimic-fn@2.1.0",
+ "name": "mimic-fn",
+ "version": "2.1.0",
+ "description": "Make a function mimic another one",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3aa6ce939a0441e019f165d6c9d96ef47263cfd59574422f6a63027179aea946234e49c7fecaac5af850def830285451d47a63bcd04a437ee76c9818cc6a8672"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mimic-fn@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/mimic-fn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/mimic-fn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/mimic-fn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-final-newline@2.0.0",
+ "name": "strip-final-newline",
+ "version": "2.0.0",
+ "description": "Strip the final newline character from a string/buffer",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "06ba6f7cd004ddd72fabb965df156e9b38ca8d9439b48d6c11420aaf752892cd17525e394addc595ab55a9e7fda6b9388d10f3856e96660fb76e4f77cbaa4b8c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-final-newline@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/strip-final-newline#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/strip-final-newline/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/strip-final-newline.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tar@6.0.2",
+ "name": "tar",
+ "version": "6.0.2",
+ "description": "tar for node",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1a5a378e446d3dcbe90e502cff4fa1a336afefcca85ca16bf9ce30830eb634d30ede8a3801a25d0a8db552eee5730af9e61dfd5b65c3d4b30445ceb8c2d6c8b6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tar@6.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/node-tar#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/node-tar/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/node-tar.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/chownr@2.0.0",
+ "name": "chownr",
+ "version": "2.0.0",
+ "description": "like `chown -R`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6c8a26b43179286a5da2090b77d56ca6f17393d29fa72c86952f18155665ed318f0472f9b2720e9f17ac8705603ed790f5be04c9d97ea556c8c84d4372f09681"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/chownr@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/chownr#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/chownr/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/chownr.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fs-minipass@2.1.0",
+ "name": "fs-minipass",
+ "version": "2.1.0",
+ "description": "fs read and write streams based on minipass",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "57f26038b1424be47a55cab4b250ae69e58474d0b7a2e0e524c348b1a707d95b402e2bbd995e0b3eb1dce5c0e5f24e5ac3a27c8f08165a9893a39458866233be"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fs-minipass@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/fs-minipass#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/fs-minipass/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/fs-minipass.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/minipass@3.1.3",
+ "name": "minipass",
+ "version": "3.1.3",
+ "description": "minimal implementation of a PassThrough stream",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "32077619d315cd8fb1dc827ea079d533e286de503973cb6769bc892a61d2686da4006a6e771b8e7fc4e80e486e985ed4ccc13b0de71b404f6e39984d9bb3ee26"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/minipass@3.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/minipass#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/minipass/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/minipass.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yallist@4.0.0",
+ "name": "yallist",
+ "version": "4.0.0",
+ "description": "Yet Another Linked List",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "df074689d672ab93c1d3ce172c44b94e9392440df08d7025216321ba6da445cbffe354a7d9e990d1dc9c416e2e6572de8f02af83a12cbdb76554bf8560472dec"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yallist@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/yallist#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/yallist/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/yallist.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/minizlib@2.1.0",
+ "name": "minizlib",
+ "version": "2.1.0",
+ "description": "A small fast zlib stream built on [minipass](http://npm.im/minipass) and Node.js's zlib binding.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1334d937f7e34af89f497d1296a504442377f68e93e3400c6ab3dbbf432b6ab485b4821308187b6e2f9d53c9f11851eeaacf6374801ea18a0ab90000012b0f3c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/minizlib@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/minizlib#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/minizlib/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/minizlib.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mkdirp@1.0.4",
+ "name": "mkdirp",
+ "version": "1.0.4",
+ "description": "Recursively mkdir, like `mkdir -p`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bd5a95650c9fdd62f1d9285dd2a27dc6ebea800c8a3cb022a884c4b6a5b4a08523ce8dcf78f0dde9f5bd885cf7d1e7fb62ca7fa225aa6e1b33786596d93e86cf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mkdirp@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-mkdirp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-mkdirp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/node-mkdirp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ttag-cli@1.8.3",
+ "name": "ttag-cli",
+ "version": "1.8.3",
+ "description": "> :warning: This project [was previously named `c-3po-cli`](https://github.com/ttag-org/ttag/issues/105). > Some of the talks, presentations, and documentation _may_ reference it with both names.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1d3cca1e1f71fe9ec40a89bbd6355d497c07df89003c549111f2196a5232449f7b3c8077839bbfa9958e93bbfd6a0ace7df3cddc4efbb2e98f16ccd9b1351825"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ttag-cli@1.8.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ttag-org/ttag-cli#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ttag-org/ttag-cli/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/ttag-org/ttag-cli.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-class-properties@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-class-properties",
+ "version": "7.10.4",
+ "description": "This plugin transforms static class properties as well as properties declared with the property initializer syntax",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "be1c241113b1cdc1c636eda6cd40b438514d5dd678336de26fc69145c252b16f0164af6940c0fb401edcb25f7b3416e01993bb6721d4c8a0e7c7339a3f822b0a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-class-properties@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-create-class-features-plugin@7.10.5",
+ "group": "@babel",
+ "name": "helper-create-class-features-plugin",
+ "version": "7.10.5",
+ "description": "Compile class public and private fields, private methods and decorators to ES6",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d2791d7a28c1ed5959a0b4f7aff998ddb524c374fc586fe1370f85013b3febea46db4dfd2095a34d82f4553212aac3473144c49f06d59dcf3d588257f5079dd0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-create-class-features-plugin@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-decorators@7.10.5",
+ "group": "@babel",
+ "name": "plugin-proposal-decorators",
+ "version": "7.10.5",
+ "description": "Compile class and object decorators to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "49ce53010499b8bce0634ebae263039f6e15c363fc83f561c8bc863da5a21da86180ba9e66f7067b20593ab256d2848a20ada6bd0db66b510d5c12102e1ac489"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-decorators@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-decorators@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-decorators",
+ "version": "7.10.4",
+ "description": "Allow parsing of decorators",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d8d6a80ba7c093654c76163579eae47c757e955602d6ef1bfa39912484aa00d089953c58cb5f4719d224910b62c7652d91c3ee3eef8894382b56c7999d4d376f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-decorators@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-export-default-from@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-export-default-from",
+ "version": "7.10.4",
+ "description": "Compile export default to ES2015",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1b5974d15bc367b624db24650b90fc61bbeede099e1d2deb087a1461d8eba86614b5d78e068472a67bc3679290ab1c9a8a21875a754379213303917da3322d8a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-export-default-from@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-export-default-from@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-export-default-from",
+ "version": "7.10.4",
+ "description": "Allow parsing of export default from",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "efd57aafa3e0b9dcf4467b8c1a9e7189dbba67e6cf16e821f3f43d7831e89e62e9e302850190f0ca02706200b3b83bbc94503fb18c93fa6739cb6c2477b6d35c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-export-default-from@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-nullish-coalescing-operator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-nullish-coalescing-operator",
+ "version": "7.10.4",
+ "description": "Remove nullish coalescing operator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c2ae67d4cdd95251e5f6ca93da89354f6fcc4ede805c4d1ed4bcf85b3581afde4bb00679a835dee0a9c5b9ab98c84c8b8a886f5c531d6ec3933322d9b3dd5997"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-nullish-coalescing-operator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-nullish-coalescing-operator",
+ "version": "7.8.3",
+ "description": "Allow parsing of the nullish-coalescing operator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6927dfe333c8235bb6403ef2f85f280eccf5f5ec3820610983d4955be6eac29c2d7c595e8900cc77303f47e525583cdf9c7142c7195e153d0f308ad1dfa5cb35"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-nullish-coalescing-operator@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-nullish-coalescing-operator"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-object-rest-spread@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-object-rest-spread",
+ "version": "7.10.4",
+ "description": "Compile object rest and spread to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "eaf8784aa46e2cb6ab8e078e7f811a44e2401e3beef4697eff7e3a3db0c7f7259b2727e727f6a1de3998298b6cc04c82a1666289dbd51e31ec85de1682307d04"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-object-rest-spread@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-parameters@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-parameters",
+ "version": "7.10.5",
+ "description": "Compile ES2015 default and rest parameters to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c4f1f0523e5174557c975c2e622bb94bd7ea5863360eb61cdb84ccbd4891acf566f923375dea94f417289105ff90451efa9d91070cbeca8891d70fc196aeae6f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-parameters@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-optional-chaining@7.6.0",
+ "group": "@babel",
+ "name": "plugin-proposal-optional-chaining",
+ "version": "7.6.0",
+ "description": "Transform optional chaining operators into a series of nil checks",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "923e20919eaa520824a6b46add487928ff179c4d4c7483b427b3217435fcfab01b07a749d94ade9ec1884bed0d3d901a689d55af43cdea82d4817314d6e31c4a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-optional-chaining@7.6.0",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-proposal-optional-chaining"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-optional-chaining",
+ "version": "7.8.3",
+ "description": "Allow parsing of optional properties",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2a82bd12b1f53019423f15745403645d6dbf770e2f95b183ac5833f1b994b0119890545c6d1c0c87a70826e6dd3eb931470b8676d0a4d2fff03d329b42006392"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-optional-chaining@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-optional-chaining"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-dynamic-import@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-dynamic-import",
+ "version": "7.8.3",
+ "description": "Allow parsing of import()",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e607466c5a27f8fb33633aacf374b71399a98bbff2ffc33d782f743114d97ddb903985bbea283a48e48f35ee35206e4ba0fdc51819f6374463543490892f7891"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-dynamic-import@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-dynamic-import"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/preset-env@7.10.4",
+ "group": "@babel",
+ "name": "preset-env",
+ "version": "7.10.4",
+ "description": "A Babel preset for each environment.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b5c9ae43abeea5f3193eb2eb737f1dd2c1763a32d3dff6d9d1daf2e4772134241bae8928422e2b797a9c96f924013e5bfa059cdb799e556a6f7b93ffefec3fcf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/preset-env@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/compat-data@7.10.5",
+ "group": "@babel",
+ "name": "compat-data",
+ "version": "7.10.5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "98f56858dcc8a582476d68ded227fb0a4dfa6e96ed4ef2313a2f7ee9648af708c611779aac0aa5c01a1342f563b00636548c2072cf15f78d20798de893344213"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/compat-data@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/browserslist@4.13.0",
+ "name": "browserslist",
+ "version": "4.13.0",
+ "description": "Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "30835ab49e5936b2e743a6e51af78f77f40ecfd5edbbe35efb1dbd8904821df914e41ba029527064a9ff8a22fc51ba48a5adc986f88a8f3f97c4ca349b671a15"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/browserslist@4.13.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/browserslist/browserslist#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/browserslist/browserslist/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/browserslist/browserslist.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/caniuse-lite@1.0.30001105",
+ "name": "caniuse-lite",
+ "version": "1.0.30001105",
+ "description": "A smaller version of caniuse-db, with only the essentials!",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "26ea4e7baf9d18cafb136d2c8991c8650c18aab965c68b4086269e8fdeb2eb1d346ffe3cacfb78da8f92cce4823dbae9b035af4636b8d07c2b8f4834aba2d926"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "CC-BY-4.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/caniuse-lite@1.0.30001105",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ben-eb/caniuse-lite#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ben-eb/caniuse-lite/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ben-eb/caniuse-lite.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/electron-to-chromium@1.3.502",
+ "name": "electron-to-chromium",
+ "version": "1.3.502",
+ "description": "Provides a list of electron-to-chromium version mappings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4c879739a1c0bdf3fb15e98652d009c52b6639cd5814658536a75ecbfe0d938d4bf5bd673260d50c634c21685926f39f2718b1e82bf914612704afb2bf0dd44e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/electron-to-chromium@1.3.502",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kilian/electron-to-chromium#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kilian/electron-to-chromium/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kilian/electron-to-chromium.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/escalade@3.0.2",
+ "name": "escalade",
+ "version": "3.0.2",
+ "description": "A tiny (183B to 210B) and fast utility to ascend parent directories",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "80f600537ee16025215b97ae3de47e63be05ec12fe201b15f778f972f1ab892683d5a1ba306b2ab15d726a645dad6adbda3dda899bdbd17f9404e5a9c77256b5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/escalade@3.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/lukeed/escalade#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lukeed/escalade/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lukeed/escalade.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-releases@1.1.59",
+ "name": "node-releases",
+ "version": "1.1.59",
+ "description": "Node.js releases data",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1f726b7547336dd8b0c4de45b893f20879c61c816a434c16c68fbd8f59005c0cea34c007968fb823fb18631a722b48ab43bdc781d8b2cc3df6a2a403714d8eb3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-releases@1.1.59",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chicoxyzzy/node-releases#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chicoxyzzy/node-releases/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chicoxyzzy/node-releases.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-compilation-targets@7.10.4",
+ "group": "@babel",
+ "name": "helper-compilation-targets",
+ "version": "7.10.4",
+ "description": "Engine compat data used in @babel/preset-env",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6b7ad8865b06574507343bebb4e5c183cfcea5f57438a4e4c4a3f3229952d73a71ec2ca00dc596c5c93165e0ddde0ccfcc2e24513d00e275450cad3018c87831"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-compilation-targets@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/levenary@1.1.1",
+ "name": "levenary",
+ "version": "1.1.1",
+ "description": "[](https://www.npmjs.com/package/levenary) [](https://github.com/tanhauhau/levenary/actions)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9a401d388b7bf450fa8abaa3612b38add6e7953e6f4689cc12f0553d56f75e67af7d2f248115f07deb347613dd12dcd3583ff578d13f066fc6d6246de8372741"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/levenary@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/tanhauhau/levenary#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/tanhauhau/levenary/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/tanhauhau/levenary.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-async-generator-functions@7.10.5",
+ "group": "@babel",
+ "name": "plugin-proposal-async-generator-functions",
+ "version": "7.10.5",
+ "description": "Turn async generator functions into ES2015 generators",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "70d30255ecd06eb446bd72709bd7eeff5b098fd6c77460202a875974ba8e408a5fa07deb6aa9913c1335efe961ec2ce188a45106b1ad64bf56723c52a066144a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-async-generator-functions@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-remap-async-to-generator@7.10.4",
+ "group": "@babel",
+ "name": "helper-remap-async-to-generator",
+ "version": "7.10.4",
+ "description": "Helper function to remap async functions to generators",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f3a2ecafa34dc37a93365f9305c175a1164c695cc9b5b593c93928f8240bfedbcdbdc19810529b2d70cfc6d5b41ca93731c34e9382b3639e62b465820062b9b6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-remap-async-to-generator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-annotate-as-pure@7.10.4",
+ "group": "@babel",
+ "name": "helper-annotate-as-pure",
+ "version": "7.10.4",
+ "description": "Helper function to annotate paths and nodes with #__PURE__ comment",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5d096a2903f8bd7141ec137c7c411eaeb998bc7a777cafeb064445cfd8da25bccad01d4349f7a3f4a73b67313c67f3a721dd63a4974d019dc11508d61baf2b70"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-annotate-as-pure@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-wrap-function@7.10.4",
+ "group": "@babel",
+ "name": "helper-wrap-function",
+ "version": "7.10.4",
+ "description": "Helper to wrap functions inside a function call.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ea9cb8e56bc417432188baddc6d4632a3b9fc0b2f5fe86f6a8326083926035da2304065200a9c08e4c8e08dba0ea7f8e065e155bbe978ef81215375a31c5b452"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-wrap-function@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4",
+ "group": "@babel",
+ "name": "plugin-syntax-async-generators",
+ "version": "7.8.4",
+ "description": "Allow parsing of async generator functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b727266719067d96b184c45b5e53d7b95169756957a62af65b800c85226044ace4fde0e52173a16f62c75a82e90c5ed3107ca5579ccd872917e8a0201c999337"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-async-generators@7.8.4",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-async-generators"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-dynamic-import@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-dynamic-import",
+ "version": "7.10.4",
+ "description": "Transform import() expressions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ba9ea8203d4b7a274e38048d5e0bff0856e006a4ee289d1c263cfa027e6d583f8d541365a7754d481c6fd99754ed2625dcdc490bb6a00100c0a59bac57ab85c1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-dynamic-import@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-json-strings@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-json-strings",
+ "version": "7.10.4",
+ "description": "Escape U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7c22fb405d09a3cdeecb52b43f6617adf5f5d6d8f7964a4dee5e1d32ff58f55928c24864403c051c577c222c322b93198c4f14a5b82892482d711787f3c01b6b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-json-strings@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-json-strings",
+ "version": "7.8.3",
+ "description": "Allow parsing of the U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR in JS strings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "958ea4746a561ef8e87b6be4e16ac06a912e051ebd10cc5997e46819186b14635854af2638f016f157db4ff660ac56d794336289ac509c0b6054267a8efdf410"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-json-strings@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-json-strings"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-numeric-separator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-numeric-separator",
+ "version": "7.10.4",
+ "description": "Remove numeric separators from Decimal, Binary, Hex and Octal literals",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ef7fc6ed0a11a1e3642d9171b28082be58387b313878cfb9ecf9ceaa068f3a8cdde66c9f8fba749ae0f5991549bdb5166cecc3faadcda366d66da2b2f8327c0c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-numeric-separator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-numeric-separator",
+ "version": "7.10.4",
+ "description": "Allow parsing of Decimal, Binary, Hex and Octal literals that contain a Numeric Literal Separator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f47e9875f91c2bfb8e9d8fcaeff680db1a73680824427dfbcb35943112bb39a3cea8ea464b5fa7d07e61c53f40530f44b128cf5bc495c8c270611b56b375f7ba"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-numeric-separator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-optional-catch-binding@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-optional-catch-binding",
+ "version": "7.10.4",
+ "description": "Compile optional catch bindings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2df953ea73e1f862b6327162283c8b8aa4aa5479109d57fb85da00bf24e79ca8fdc41ddda1c191b1d3eec69eaaaaa5b5f627cadf181cf54e7f170ad2682357e6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-optional-catch-binding@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3",
+ "group": "@babel",
+ "name": "plugin-syntax-optional-catch-binding",
+ "version": "7.8.3",
+ "description": "Allow parsing of optional catch bindings",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e953c3d0f7359694eac3468aa1e45332207e916840a13db83c0fa4b16481ac5b65e52211569665c0ddcd34f4237a103613ff75155dd18cb5a855382559c495dd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-optional-catch-binding@7.8.3",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-plugin-syntax-optional-catch-binding"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-optional-chaining@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-optional-chaining",
+ "version": "7.10.4",
+ "description": "Transform optional chaining operators into a series of nil checks",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "64885020479abd3828bb231275945aa7854f3c7a89277344b3672e1ece69d1eac7fa2cfa921074a9f814f20ed4b89906f3cf9f04ccb6dd9894fa7b87bde90979"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-optional-chaining@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-private-methods@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-private-methods",
+ "version": "7.10.4",
+ "description": "This plugin transforms private class methods",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c21e462657ae23c9377a68138392a424aea41cdb0612bd2e0530c1b9050127072493dc6cd5ecfbf62a21784555c4c2f23ec701d0b7e46d51ec950a88cd657a07"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-private-methods@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-proposal-unicode-property-regex@7.10.4",
+ "group": "@babel",
+ "name": "plugin-proposal-unicode-property-regex",
+ "version": "7.10.4",
+ "description": "Compile Unicode property escapes in Unicode regular expressions to ES5.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1feddf3a03e711714bf73198b4a41ee080ce3ca62565d17592a14341145bf0f2b807c69fd6f0062b4e2d179890000b2e8be98734141202d776fe77440def70b8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-proposal-unicode-property-regex@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.10.4",
+ "group": "@babel",
+ "name": "helper-create-regexp-features-plugin",
+ "version": "7.10.4",
+ "description": "Compile ESNext Regular Expressions to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dbf86ee7c2043ca7a82c5e390c1c31dd716ab1b0979a47406b2e2ca55af6c748d8811c6b48da7e78fc2f4accbd83a61268d0dc2884153d79353aff12d9e764da"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-create-regexp-features-plugin@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-regex@7.10.5",
+ "group": "@babel",
+ "name": "helper-regex",
+ "version": "7.10.5",
+ "description": "Helper function to check for literal RegEx",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ebc91d500cc3ae58ea06b8a8ec36001200a8247c69a493844473a03ab0cded68ceccfd194352ec48345771e9b355968bbe3689b0910449beaab7ece736e10d0e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-regex@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regexpu-core@4.7.0",
+ "name": "regexpu-core",
+ "version": "4.7.0",
+ "description": "regexpu’s core functionality (i.e. `rewritePattern(pattern, flag)`), capable of translating ES6 Unicode regular expressions to ES5.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4d0e0a5d19c89fab73ead8e7ad71240ffb2c87280a1ff8f92b32bce97f0c91e1f267caacb7f2d9f3d8f75f8ffc1c421f1c03531483ff01b5da91e46158897961"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regexpu-core@4.7.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://mths.be/regexpu"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/regexpu-core/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/regexpu-core.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regenerate@1.4.1",
+ "name": "regenerate",
+ "version": "1.4.1",
+ "description": "Generate JavaScript-compatible regular expressions based on a given set of Unicode symbols or code points.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8f6f82f3e36d5d0804296938f4c30fe4ffeed868676a14ed5644481ebe51e6555195b2af990fa84be03968b296a7699ae55913f2c87abfebf885b1f460747ae8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regenerate@1.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://mths.be/regenerate"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/regenerate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/regenerate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regenerate-unicode-properties@8.2.0",
+ "name": "regenerate-unicode-properties",
+ "version": "8.2.0",
+ "description": "Regenerate sets for Unicode properties and values.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "17d0e3635bca2e8fed3de3c3c9cb87ddd9fd1f53933c89150fd2b3e0b383bbe1760bbe66823009ef1fe0c32e9971235100092136525238745ef24de9f8af5684"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regenerate-unicode-properties@8.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mathiasbynens/regenerate-unicode-properties"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/regenerate-unicode-properties/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/regenerate-unicode-properties.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regjsgen@0.5.2",
+ "name": "regjsgen",
+ "version": "0.5.2",
+ "description": "Generate regular expressions from regjsparser’s AST.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "385153dcc7eb1fdd31216f0e392c94ae4e901c3e44f49393786a1d8897814b727a230960cc930d13fd5b664956cf9a1383ef5d08cc847ad725bc255738fa0ddc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regjsgen@0.5.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/bnjmnt4n/regjsgen"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/bnjmnt4n/regjsgen/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/bnjmnt4n/regjsgen.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regjsparser@0.6.4",
+ "name": "regjsparser",
+ "version": "0.6.4",
+ "description": "Parsing the JavaScript's RegExp in JavaScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "eb83bceff74f0e07e4f3f450a82e20919a06cb25852045134e1f34094e825ae2b9be4086c9e908c7ea0a704218b4ffd103149096d0991c236efe675dedfaa527"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regjsparser@0.6.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jviereck/regjsparser"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jviereck/regjsparser/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/jviereck/regjsparser.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsesc@0.5.0",
+ "name": "jsesc",
+ "version": "0.5.0",
+ "description": "A JavaScript library for escaping JavaScript strings while generating the shortest possible valid output.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e7dee66e35d6fc16f710fe91d5cf69f70f08911d"
+ }
+ ],
+ "purl": "pkg:npm/jsesc@0.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://mths.be/jsesc"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/jsesc/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/jsesc.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unicode-match-property-ecmascript@1.0.4",
+ "name": "unicode-match-property-ecmascript",
+ "version": "1.0.4",
+ "description": "Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f8428875e6f4df9edb27e0fd73aa71ee946d0b75782348ed37e5f12976da7a6315e1313e7543abe0339958746ff95f73234be93f63d5f0e1214263d224474ae"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unicode-match-property-ecmascript@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mathiasbynens/unicode-match-property-ecmascript"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/unicode-match-property-ecmascript/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/unicode-match-property-ecmascript.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unicode-canonical-property-names-ecmascript@1.0.4",
+ "name": "unicode-canonical-property-names-ecmascript",
+ "version": "1.0.4",
+ "description": "The set of canonical Unicode property names supported in ECMAScript RegExp property escapes.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8c3acd9d7587778a07893667c7f646ee0b544d5a7e8027134caafc2f41e3970a6144e116dfe1e29be229bc2fb17091057a06a988c67265ed360b2b8e9d199b9d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unicode-canonical-property-names-ecmascript@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mathiasbynens/unicode-canonical-property-names-ecmascript"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/unicode-canonical-property-names-ecmascript/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/unicode-canonical-property-names-ecmascript.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unicode-property-aliases-ecmascript@1.1.0",
+ "name": "unicode-property-aliases-ecmascript",
+ "version": "1.1.0",
+ "description": "Unicode property alias mappings in JavaScript format for property names that are supported in ECMAScript RegExp property escapes.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3ea4a83e1fe959eb50da98688f944b89aa88938902370a15dc223e2df1a658b288deb137925d61e7d5e95f6063803ae66f10fd011b50a1b3c65354a0b8262e42"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unicode-property-aliases-ecmascript@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mathiasbynens/unicode-property-aliases-ecmascript"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/unicode-property-aliases-ecmascript/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/unicode-property-aliases-ecmascript.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unicode-match-property-value-ecmascript@1.2.0",
+ "name": "unicode-match-property-value-ecmascript",
+ "version": "1.2.0",
+ "description": "Match a Unicode property or property alias to its canonical property name per the algorithm used for RegExp Unicode property escapes in ECMAScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c23b901c6415a1f99226fd6e54848a2c4e733b6acd1b333f282619721fd042f7b3ec2d61521048b99ef4d5f617131bae7c914c3e1bf64b22fc0b2a087cc2db21"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unicode-match-property-value-ecmascript@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/mathiasbynens/unicode-match-property-value-ecmascript"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/mathiasbynens/unicode-match-property-value-ecmascript/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/mathiasbynens/unicode-match-property-value-ecmascript.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-class-properties@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-class-properties",
+ "version": "7.10.4",
+ "description": "Allow parsing of class properties",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "18248117b89495eeab36e81f511c0d982186dd9ff6fa8a7100c2ecd67343e1b8441b93eec53220803068798612ba30252edb2ea733876094203d2de98afc1720"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-class-properties@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-top-level-await",
+ "version": "7.10.4",
+ "description": "Allow parsing of top-level await in modules",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9e2d5bae0e255c4996c9a7caaf471c1569091b409e32de16575a327815ba10539b178a0e1dc95b923e5c011c403d0c80436513ba9949c8ae277e45c830c16fb1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-top-level-await@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-arrow-functions",
+ "version": "7.10.4",
+ "description": "Compile ES2015 arrow functions to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f49fe80f58d5d190817209e815616ad6f25de26b2829bfd30a918d172c8bb74cc005d72f80adda622919f078f3075e1cdba6dcec4dd0d72ba0a701b2d9a4cf34"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-arrow-functions@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-async-to-generator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-async-to-generator",
+ "version": "7.10.4",
+ "description": "Turn async functions into ES2015 generators",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "17a9d110e6a7ec9e545d32ec0ec646dc35e66525687ebdad18dc1f76b5709035877d07246d05e75d23df0fb88ef9cff61c6ab2730c8b493dc39d9d7a9fe70125"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-async-to-generator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-block-scoped-functions@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-block-scoped-functions",
+ "version": "7.10.4",
+ "description": "Babel plugin to ensure function declarations at the block level are block scoped",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5b35c36ab4176187e3695d6ccc9bcddc00fbad9819cc2d49b63259f1d30753288af26c4f45a8729e9d78cf33635375643ea3ec3b7f02cf18963b573d01167c24"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-block-scoped-functions@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-block-scoping@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-block-scoping",
+ "version": "7.10.5",
+ "description": "Compile ES2015 block scoping (const and let) to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e98730de18e942d8b4aacb10700e803121431de349fbe47a748327a51a948c57810539930cf6bcce017dd0e55f4ef028d75997653955515898d60f1f7eb5112e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-block-scoping@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-classes@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-classes",
+ "version": "7.10.4",
+ "description": "Compile ES2015 classes to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "da867da8b8edd7ad5d9f5644d0cb3aeb10677101f8227f12ab0d585a005466e1952494b97343856572fa74fd8c447ae453f78a85683c0b3149851425e74ad0c4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-classes@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-define-map@7.10.5",
+ "group": "@babel",
+ "name": "helper-define-map",
+ "version": "7.10.5",
+ "description": "Helper function to define a map",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7ccc38920141ef6d1a4055d255a5ebefda638dc5b9a6e4c2335ebeac4089fe99464becc1c9e944f25f670a95751a26f14e7155994b981bd53cc187d01ddcce11"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-define-map@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-computed-properties@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-computed-properties",
+ "version": "7.10.4",
+ "description": "Compile ES2015 computed properties to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "245c150d770ffe133f4dbcb31aade5fd7586badee9e3a67742fa853174df93aff4f66ef164725437dc477ecbfbbeaa83e189df239b9e61d489b57aaa04bca307"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-computed-properties@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-destructuring@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-destructuring",
+ "version": "7.10.4",
+ "description": "Compile ES2015 destructuring to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f9699fbf27ecc85eb4de23daebcdb99aae90adbeee2e34ceb1add7385ce561c6031d24b8426a4e58e2f434d058e6a31bbeb71fdedab40b0fafe25c6cc0e06980"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-destructuring@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-dotall-regex@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-dotall-regex",
+ "version": "7.10.4",
+ "description": "Compile regular expressions using the `s` (`dotAll`) flag to ES5.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "644015bd44c232530501b012612550a3121b1e6d8e906d8cb1e5ba6d5d898c8ca03a3755bfcb6ec6b093ce3d7e4729e1ece0dbf068af532eddcc45f3121b8f68"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-dotall-regex@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-duplicate-keys@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-duplicate-keys",
+ "version": "7.10.4",
+ "description": "Compile objects with duplicate keys to valid strict ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "18bd3f7c99e680c7251e20534d65cd9588d8b00eeb0ebb6c6b31c6ea68256864938742acad6d38aa697e05bcfd14bd0b709211c0158be59aa5347293914df100"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-duplicate-keys@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-exponentiation-operator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-exponentiation-operator",
+ "version": "7.10.4",
+ "description": "Compile exponentiation operator to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4b91e02d582405c45dc900076ca8feecacae5b1f02eade68113994bb0cf5a6ddd64d6261b14574588217b95bdf5ccc65fd04321ca95208d36d6886a61bc7f2b3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-exponentiation-operator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-builder-binary-assignment-operator-visitor@7.10.4",
+ "group": "@babel",
+ "name": "helper-builder-binary-assignment-operator-visitor",
+ "version": "7.10.4",
+ "description": "Helper function to build binary assignment operator visitors",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f4cc6945ac65992b83db4fc02ccd27cb4cce6c0d4d7e033fc49fd56b753f3f2e612226de335edf89bdef430809d071ba8384223edbdcbf2fdde6ac3cdd74272"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-builder-binary-assignment-operator-visitor@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-explode-assignable-expression@7.10.4",
+ "group": "@babel",
+ "name": "helper-explode-assignable-expression",
+ "version": "7.10.4",
+ "description": "Helper function to explode an assignable expression",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e0aef547245034f46b47ce6caf9418e17dd5c06e30b55a17641f7e2f7af51a9dfc0e110bc870ada2fab27518bb7353af6f5ede446890fc50f9b3c25d534532e4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-explode-assignable-expression@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-for-of@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-for-of",
+ "version": "7.10.4",
+ "description": "Compile ES2015 for...of to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "22d7507c0ceef40944aa6bac03feb94ea27bf5e45c8069a93cf16f0671882d7647f7be46d0b3633f5ca31ef1a07ee0b1aab3cfb9e5ce3def85b2fc66c4a8871d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-for-of@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-function-name@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-function-name",
+ "version": "7.10.4",
+ "description": "Apply ES2015 function.name semantics to all functions",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "39c0c2ab6cb9f84d1d543e4c6a04f95fec9345b72f1630c8d99540a2db461fab73aa3c7f2caa609147a9bb7869feee2d641cf1c69346c0bb00bc606f436989ce"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-function-name@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-literals@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-literals",
+ "version": "7.10.4",
+ "description": "Compile ES2015 unicode string and number literals to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5ddfdd1524c456e5169f266232eefafc89d9c4b4d88a5392af55251d5fa9d75e59fcb7b6162d4a5e4254633d1be360df9dda2cb5894fb9bde6f194d094c6a2a9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-literals@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-member-expression-literals@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-member-expression-literals",
+ "version": "7.10.4",
+ "description": "Ensure that reserved words are quoted in property accesses",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d1b14ebcfc80a13061b5c24bafd55cc19a8a9928c59a5d62571bcf2f445ea26194e77097e771ec3388764b372435d910707a31d5ba40ab3c41235634f4b9414b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-member-expression-literals@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-modules-amd@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-modules-amd",
+ "version": "7.10.5",
+ "description": "This plugin transforms ES2015 modules to AMD",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7a59b9babb8d8a8ec24cb148b550bfac8cca2df435efe7d7ec4573e56d13320207168d736343b3cf1fa583084be2997397c3b3567e906acc790de105ca836247"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-modules-amd@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-plugin-dynamic-import-node@2.3.3",
+ "name": "babel-plugin-dynamic-import-node",
+ "version": "2.3.3",
+ "description": "Babel plugin to transpile import() to a deferred require(), for node",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8d9548facf5983722a03f91d8b48ba5030b26d423769204b9e096161b4928ca955ef217517fe4b5aff0c6a4426bd8a676c90d2e9f7012f62b31d2c4d08cb5649"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-plugin-dynamic-import-node@2.3.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/airbnb/babel-plugin-dynamic-import-node#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/airbnb/babel-plugin-dynamic-import-node/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/airbnb/babel-plugin-dynamic-import-node.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-modules-commonjs",
+ "version": "7.10.4",
+ "description": "This plugin transforms ES2015 modules to CommonJS",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5e3ed4ab9a3cd070cb956eb8ad57c30616a8e8e5fcf4729499bfbdbd661a2d70593a66b8800eadc38362d4ee6a543a195945747f1318034698cce6b0cf497ed7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-modules-commonjs@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-modules-systemjs@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-modules-systemjs",
+ "version": "7.10.5",
+ "description": "This plugin transforms ES2015 modules to SystemJS",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7f844b3bf38bd78fc53f50046dcb16333a5b533eadb2c45a790835d511f504ffd79cfa51a15c2079856230569c9e46b0e24e308d14a39f78a9d54c3d4da5ee33"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-modules-systemjs@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-hoist-variables@7.10.4",
+ "group": "@babel",
+ "name": "helper-hoist-variables",
+ "version": "7.10.4",
+ "description": "Helper function to hoist variables",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c258eba05e4f8029368ee17af646a71d5b3abeb2f020f369e832c3f8bae5de1a10dcfa4f3e291a0d134503ed2df3534ea0cb760cbe965bf99d53c93893a673b8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-hoist-variables@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-modules-umd@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-modules-umd",
+ "version": "7.10.4",
+ "description": "This plugin transforms ES2015 modules to UMD",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9a8856e6adee004b7c4f8e584fb41ce70b3a99680901a2fff017d60fd0e8768d40dd1296962f304d2f96890fe49c5fad5e53e2ad6ff5fccab3cc67c213128408"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-modules-umd@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-named-capturing-groups-regex@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-named-capturing-groups-regex",
+ "version": "7.10.4",
+ "description": "Compile regular expressions using named groups to ES5.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "57a2ee3a70f7d644e4c503e12a2558cd80bf26076ae778ab242ff10529aa70d72a14657e3c447897aad4e521f6565edb1fd98b0c771cd3e97d1d439ee1134628"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-named-capturing-groups-regex@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-new-target@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-new-target",
+ "version": "7.10.4",
+ "description": "Transforms new.target meta property",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "617c16503007fc9e9d95fc2a956b33b48d8fbb3d4db5402e6d784e3cb43982347faa643953de836381503bc02ddf724de173c186b8c1f08e1e3262d13a38cb8f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-new-target@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-object-super@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-object-super",
+ "version": "7.10.4",
+ "description": "Compile ES2015 object super to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e624f0d0991d45d26fafbb18d2f1ea4e99ebb94a5379adf62479aafdab485aab2736eb2c6d1ce3103c967a9f14373b6dd41e48bac05883c22b6f46cb6e210109"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-object-super@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-property-literals@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-property-literals",
+ "version": "7.10.4",
+ "description": "Ensure that reserved words are quoted in object property keys",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a1fb0070a894c50f13638b12720b06791daf248b1faf3aaf15bf46bc9e547570f397e3326026818ff146cd7bafeea13468972358c20b9f2d5ea6a7a59c5973f2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-property-literals@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-regenerator@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-regenerator",
+ "version": "7.10.4",
+ "description": "Explode async and generator functions into a state machine.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ded8401f0b68af7f40ec2d385ee71b320d7b45c677429a5fc6bdb6c18cd935c54890f1dfa4cf49d123bccee095e9265adbae64c41252adf293bc3098a811571b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-regenerator@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/regenerator-transform@0.14.5",
+ "name": "regenerator-transform",
+ "version": "0.14.5",
+ "description": "Explode async and generator functions into a state machine.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "78e7fabe46b920ed79d497ecc3634ef56a465f9f16eb05a679f2b7235cc41abd25383d2ef2bc0f68da902f5691c546b12de28edc0acd87755883529b683f8517"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/regenerator-transform@0.14.5",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/facebook/regenerator/tree/master/packages/regenerator-transform"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/runtime@7.10.5",
+ "group": "@babel",
+ "name": "runtime",
+ "version": "7.10.5",
+ "description": "babel's modular runtime helpers",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a2d75d5ca85d367eddd29b681511ed30b6bc2ea0f12d8c138c1e27620335cb2e4dea053f3147fcceacb22e5b421f7c80562b41ce6c0ae2eb3e0c3d25fcc6ae02"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/runtime@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-reserved-words@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-reserved-words",
+ "version": "7.10.4",
+ "description": "Ensure that no reserved words are used.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "846b30d4ee917b0d5f9056c322664812a03c1a889dc130229700b25aa2c133d7fe7bfbbfb10310bbbb97e9dca891f39ac91bae55f28e5b83bb1ef68158cf8995"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-reserved-words@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-shorthand-properties",
+ "version": "7.10.4",
+ "description": "Compile ES2015 shorthand properties to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "002d8afedee8d3b29e4c8c4ca079dec97f74bf7ce49b97231c912892b3c4006132dd40a9f2c2ca7e77ce206759d7de1fc8de307d7ff3654593f6dac9674a9cf9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-shorthand-properties@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-spread@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-spread",
+ "version": "7.10.4",
+ "description": "Compile ES2015 spread to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d5eff9d46fcd8beeee1f9824b5b5aff9e0840fda4ff19a518590778ce688de69b37ef25358792ec984efd19e4f62dc8cf93af609cafd914750c67eb47c8e56b9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-spread@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-sticky-regex@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-sticky-regex",
+ "version": "7.10.4",
+ "description": "Compile ES2015 sticky regex to an ES5 RegExp constructor",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0ddcb74197c86c4574558715b450c28de138c705532564e652da2b009927eaeffdd99fe7589355fa620bcaa1caad4c5760a0361280a2960a0f78fca628be03bd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-sticky-regex@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-template-literals@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-template-literals",
+ "version": "7.10.5",
+ "description": "Compile ES2015 template literals to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "57f9673c621bf8a4f5d8e422903be04ae7ac457d78724e457c95edebeb5785d909f95b1dd250c256d17a8dc078acd0a5605cda0768eeb19fa534848393698c33"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-template-literals@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-typeof-symbol@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-typeof-symbol",
+ "version": "7.10.4",
+ "description": "This transformer wraps all typeof expressions with a method that replicates native behaviour. (ie. returning “symbol” for symbols)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "42a360630bae5b4cb41fe91413f196491e39b7f71c4617b5e05b3fe19468b8d350b32778a373c6e0eb47888adea5b33658a5010c05ca0802bf2e4e158734da18"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-typeof-symbol@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-unicode-escapes@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-unicode-escapes",
+ "version": "7.10.4",
+ "description": "Compile ES2015 Unicode escapes to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cb95c9f7068cb62d89f9eee28f6d1ef9a1fe7e1a3b59bed6f2b36ebbbd9a291c021c5a9076191d536968dee67db50b9ba0425c5056b25dd01185cc4b437fba16"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-unicode-escapes@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-unicode-regex",
+ "version": "7.10.4",
+ "description": "Compile ES2015 Unicode regex to ES5",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c0d7ec738b3c376aa7230a4efd63f66624b28dfa536a64f60bd57d1431ff2e3b9bf73c3a3f74a391770599cd11414b7dea4d9f988bed95ad8c323813c08002f8"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-unicode-regex@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/preset-modules@0.1.3",
+ "group": "@babel",
+ "name": "preset-modules",
+ "version": "0.1.3",
+ "description": "A Babel preset that targets modern browsers by fixing engine bugs.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "45adc95ce1c1ab6c5de7ac5217b94c297763067dd3efbd98d567addf25a7903972f731ef2648b4dbdb40173bc000ae5c7f8615df2a31b8feb572b611a25e9256"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/preset-modules@0.1.3"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/core-js-compat@3.6.5",
+ "name": "core-js-compat",
+ "version": "3.6.5",
+ "description": "core-js compat",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "ec8b5328e84e65bce7857010da0fec9468353c9579cc33bf59d913c22ed410e26692fb04df63d6bf1ea62ad0e388ca639d1d8235fe81003eac4b1225bfba6d9e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/core-js-compat@3.6.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/zloirock/core-js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/zloirock/core-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/zloirock/core-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/semver@7.0.0",
+ "name": "semver",
+ "version": "7.0.0",
+ "description": "The semantic version parser used by npm.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f8607acd503d2d687ace8bd840b00b1f0bf9adbd8f1c69498b795f8aa207c51d2ebb00a079f70e25ce7dbfd7efd70f066d2b70c6ebaaa808c8f4d30038e82ad4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/semver@7.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/npm/node-semver#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/npm/node-semver/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/npm/node-semver.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/preset-flow@7.10.4",
+ "group": "@babel",
+ "name": "preset-flow",
+ "version": "7.10.4",
+ "description": "Babel preset for all Flow plugins.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5c8ea5d42a6d402381bfe64a630ca7cacc21b4e2b0a59669e67d0b1b540a0a8f1ead186a8e8415ea7bf1eb5120df4247a72b16412070036016454de905b498e6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/preset-flow@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-flow-strip-types@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-flow-strip-types",
+ "version": "7.10.4",
+ "description": "Strip flow type annotations from your output code.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5d369dcaea8db2df3c51605374b8ccfb0118ec1167636b18b4fc8089d7c2eccfd06999d2b8866932f2f1a864fba6101c9c6c9687f5d014b29c19fd380a7bf149"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-flow-strip-types@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-flow@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-flow",
+ "version": "7.10.4",
+ "description": "Allow parsing of the flow syntax",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cb142c5f57498b1178a8411dcd56ecb77499439f0dae8a33f0d57d67d18be1bc93136e41bc9825e657f44440947f47e1dbcad905bfd16135a7fde78ac0232b65"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-flow@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/preset-react@7.10.4",
+ "group": "@babel",
+ "name": "preset-react",
+ "version": "7.10.4",
+ "description": "Babel preset for all React plugins.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "06b1e9e1380e232e0cd7d2407ced4b8727155ce3d67436d345ea7b795c9ab5fd7be077dffba524e77b03c9a8ea64fbbc5b5a9744189839f21a99e93a8c0ed857"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/preset-react@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://babeljs.io/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-display-name@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-react-display-name",
+ "version": "7.10.4",
+ "description": "Add displayName to React.createClass calls",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "65de17e7832ef5205f3c69c471a19c3ab54060eb634f6a27f106642ca12ad52fed1dec46dfd77d5d7199bf5f557d1ac38cf2731663df4c0a8e412d697c53ae8f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-display-name@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-jsx@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-react-jsx",
+ "version": "7.10.4",
+ "description": "Turn JSX into React function calls",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2fe31f4615a35f4788ec9b34f7730ce8c69c294e0ce9d9c245afd03c3c183318e58f3482cf39732b38fd3e4e0fdceb6b3dcc6bd8ddf39d1e35f67af75f0fbae4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-jsx@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-builder-react-jsx@7.10.4",
+ "group": "@babel",
+ "name": "helper-builder-react-jsx",
+ "version": "7.10.4",
+ "description": "Helper function to build react jsx",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e673dc219efe28a0f14f5e36ee8062be5f55f584da97baa4d1d89c72787b46b720ad3fe91853a3806c35760af2cb1d46bc71295d57e80c5e80937ad389687c46"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-builder-react-jsx@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/helper-builder-react-jsx-experimental@7.10.5",
+ "group": "@babel",
+ "name": "helper-builder-react-jsx-experimental",
+ "version": "7.10.5",
+ "description": "Helper function to build react jsx",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "06e7b09f1e8ce2db46f8d2e42b2b7b6da427ed2702fd377e7bdf46f75e1f454f1f188522bc30e054841e0c715ae5ee02452250b79f16a4d1e1b00660b73561b2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/helper-builder-react-jsx-experimental@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-jsx@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-jsx",
+ "version": "7.10.4",
+ "description": "Allow parsing of jsx",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "28283d9a2a3d8f088044207b580710ed8d6afaa89c20b8e82bc2cffd590f90429a7f976469964ad447137bdd5adc9265677ab2e8be6cf57e766e81188bc0ccf6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-jsx@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-jsx-development@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-react-jsx-development",
+ "version": "7.10.4",
+ "description": "Turn JSX into React function calls in development",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "44cdd901dd6c535890eeb236761ad94591afd1aab335031b9085024b5b716298bdc07436647363a394f05fe503ea9bc55b801b5aa2d562f2b2e6a2520324468d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-jsx-development@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-react-jsx-self",
+ "version": "7.10.4",
+ "description": "Add a __self prop to all JSX Elements",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c8ebf1636a43895262d1ac5d4d61d2322e53d0320b37e1fe49a7897800872a340b7b313384bc7d9c417dc60a412cfb6466c92cf5c9dbe4ff620448b6d449f782"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-jsx-self@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-react-jsx-source",
+ "version": "7.10.5",
+ "description": "Add a __source prop to all JSX Elements",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c137aa1d590dd657cf2ee6d18991f7a3bddfe2b7e89f8d87a60c544acf3a35cfbc408726fc1f6cf0d3555eefe0c0670ec9def20e26fd8a4c680cbc493f45220c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-jsx-source@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-react-pure-annotations@7.10.4",
+ "group": "@babel",
+ "name": "plugin-transform-react-pure-annotations",
+ "version": "7.10.4",
+ "description": "Mark top-level React method calls as pure for tree shaking",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fa78d992a70eb92f1168f6a4ae747d2afc63a06d404895a9a08bff768c969e021df3c2681653e52127a71978eb55a71950800b194afa7a8751b35be63e7176dc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-react-pure-annotations@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/preset-typescript@7.7.0",
+ "group": "@babel",
+ "name": "preset-typescript",
+ "version": "7.7.0",
+ "description": "Babel preset for TypeScript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "599deabed009cbcc3f8bac2aab93ee0e790251768b5131c8949ba37c61e61f1b13e6f7806c47448e5ddc0bfde75dfc83d1bce55ac22231d521660ad78ddf505a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/preset-typescript@7.7.0",
+ "externalReferences": [
+ {
+ "type": "vcs",
+ "url": "https://github.com/babel/babel/tree/master/packages/babel-preset-typescript"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-transform-typescript@7.10.5",
+ "group": "@babel",
+ "name": "plugin-transform-typescript",
+ "version": "7.10.5",
+ "description": "Transform TypeScript into ES.next",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "602c98b05aeb44c677a91ef0470b52489a2f3c6e6f1b21b865d712022bc6c137e86ac329dd5381fc02a1a21bb7745b660787020dcb277424b11adadd9620ac65"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-transform-typescript@7.10.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40babel/plugin-syntax-typescript@7.10.4",
+ "group": "@babel",
+ "name": "plugin-syntax-typescript",
+ "version": "7.10.4",
+ "description": "Allow parsing of TypeScript syntax",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a12004cf562404200aaf9622abcfc136dbd200fc24a7f232527c19a2077ca7e17446e61042b2de454cc8421b9e4134c1cbf17e6b8d2e4bb3852b19e446f9af15"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40babel/plugin-syntax-typescript@7.10.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/babel/babel#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/babel/babel/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/babel/babel.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi@0.3.1",
+ "name": "ansi",
+ "version": "0.3.1",
+ "description": "Advanced ANSI formatting tool for Node.js",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0c42d4fb17160d5a9af1e484bace1c66922c1b21"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi@0.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/TooTallNate/ansi.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/TooTallNate/ansi.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/TooTallNate/ansi.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-plugin-ttag@1.7.26",
+ "name": "babel-plugin-ttag",
+ "version": "1.7.26",
+ "description": "[](https://travis-ci.org/ttag-org) [](https://codecov.io/gh/ttag-org/babel-plugin-ttag)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9b306ab3def6710d728877fe68b4ba417d99ea3205705479c5de12da03693ec2f3cd65bc0a863fd305c7a3d98ede679f3469624c224b49c428004063d4cc2958"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-plugin-ttag@1.7.26",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ttag-org/babel-plugin-ttag#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ttag-org/babel-plugin-ttag/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ttag-org/babel-plugin-ttag.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ajv@4.9.0",
+ "name": "ajv",
+ "version": "4.9.0",
+ "description": "Another JSON Schema Validator",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5a358085747b134eb567d6d15e015f1d7802f45c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ajv@4.9.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/epoberezkin/ajv"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/epoberezkin/ajv/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/epoberezkin/ajv.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/json-stable-stringify@1.0.1",
+ "name": "json-stable-stringify",
+ "version": "1.0.1",
+ "description": "deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9a759d39c5f2ff503fd5300646ed445f88c4f9af"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/json-stable-stringify@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/json-stable-stringify"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/json-stable-stringify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/substack/json-stable-stringify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/jsonify@0.0.0",
+ "name": "jsonify",
+ "version": "0.0.0",
+ "description": "JSON without touching any globals",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2c74b6ee41d93ca51b7b5aaee8f503631d252a73"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Public Domain"
+ }
+ }
+ ],
+ "purl": "pkg:npm/jsonify@0.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/jsonify#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/jsonify/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/substack/jsonify.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/babel-plugin-macros@2.8.0",
+ "name": "babel-plugin-macros",
+ "version": "2.8.0",
+ "description": "Allows you to build compile-time libraries",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4843f9909a5f198a982a906b8f95d4dda870e69e46387274539b2c39243f58155dc240f60f395c7bde5ec504ecde339558f3ca2c1376ae51169022bb75298bbe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/babel-plugin-macros@2.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/kentcdodds/babel-plugin-macros#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kentcdodds/babel-plugin-macros/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kentcdodds/babel-plugin-macros.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cosmiconfig@6.0.0",
+ "name": "cosmiconfig",
+ "version": "6.0.0",
+ "description": "Find and load configuration from a package.json property, rc file, or CommonJS module",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c5bdd92faf8bf1bf492cb0b1dd9768672e3ed840a9842328d8fc2a80fd6d95f56ae8ce9845ecb3049b6f596b5b0d2a4dafd867f7aa640a266a51c14473ee7842"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cosmiconfig@6.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/davidtheclark/cosmiconfig#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/davidtheclark/cosmiconfig/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/davidtheclark/cosmiconfig.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/%40types/parse-json@4.0.0",
+ "group": "@types",
+ "name": "parse-json",
+ "version": "4.0.0",
+ "description": "TypeScript definitions for parse-json",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "fffa28ac46632fab1b3dc2946827481a5214787dba9a0ce29a3041efb1ba5d18270e5fcbe703a7a7204645efcc99fe42556dcfc04044d4d8e2319fecb05878c0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/%40types/parse-json@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/DefinitelyTyped/DefinitelyTyped/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/DefinitelyTyped/DefinitelyTyped.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/import-fresh@3.2.1",
+ "name": "import-fresh",
+ "version": "3.2.1",
+ "description": "Import a module while bypassing the cache",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e9ed6ad5c9d63f64570fdfe47929311d2720e74f02757a975a05816844cd872b81173fa451994a6e887e2122be6d4fbe0e66c78a6541acecffcf33ded2c677b1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/import-fresh@3.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/import-fresh#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/import-fresh/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/import-fresh.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parent-module@1.0.1",
+ "name": "parent-module",
+ "version": "1.0.1",
+ "description": "Get the path of the parent module",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "190d84591a5057cfe8f80c3c62ab5f6593df3515996246e2744f64e6ba65fe10b7bed1c705f1a6d887e2eaa595f9ca031a4ad42990311372e8b7991cb11961fa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parent-module@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/parent-module#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/parent-module/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/parent-module.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/resolve-from@4.0.0",
+ "name": "resolve-from",
+ "version": "4.0.0",
+ "description": "Resolve the path of a module like `require.resolve()` but from a given path",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a5bfcc6265ecb40932b11171f2988d235b4614d408140def904dc6ab812e035745ea01e9ffebe066ab021896a9bf2f0ddd0fb8a3b170beab8f25c9d9ed1632e2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/resolve-from@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/resolve-from#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/resolve-from/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/resolve-from.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parse-json@5.0.0",
+ "name": "parse-json",
+ "version": "5.0.0",
+ "description": "Parse JSON with more helpful errors",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "38e6396fb3c0105574136162af528e9317219d9342768c0026043936ec63a4129344fde9421c24ae4c6a4237a8289f9f3bb6c2a662196a8808e1e6460cc1063b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parse-json@5.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/parse-json#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/parse-json/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/parse-json.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lines-and-columns@1.1.6",
+ "name": "lines-and-columns",
+ "version": "1.1.6",
+ "description": "Maps lines and columns to character offsets and back.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1c00c743b433cd0a4e80758f7b64a57440d9ff00"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lines-and-columns@1.1.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/eventualbuddha/lines-and-columns#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/eventualbuddha/lines-and-columns/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/eventualbuddha/lines-and-columns.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-type@4.0.0",
+ "name": "path-type",
+ "version": "4.0.0",
+ "description": "Check if a path is a file, directory, or symlink",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "80329bf1a64c0de0ffb595acf4febeab427d33091d97ac4c57c4e39c63f7a89549d3a6dd32091b0652d4f0875f3ac22c173d815b5acd553dd7b8d125f333c0bf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-type@4.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/path-type#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/path-type/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/path-type.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yaml@1.10.0",
+ "name": "yaml",
+ "version": "1.10.0",
+ "description": "JavaScript parser and stringifier for YAML",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cabda2708e2095868d1be29638d3836a9cb6fe30dd3120e7ace3528db9400630fd0786792e08a2adc4adf26f2c45914d8b4f241bd4a6d2e487b4498fdf36841a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yaml@1.10.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://eemeli.org/yaml/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/eemeli/yaml/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/eemeli/yaml.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dedent@0.6.0",
+ "name": "dedent",
+ "version": "0.6.0",
+ "description": "An ES6 string tag that strips indentation from multi-line strings",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0e6da8f0ce52838ef5cec5c8f9396b0c1b64a3cb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dedent@0.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dmnd/dedent"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dmnd/dedent/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/dmnd/dedent.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/gettext-parser@4.0.0-alpha.0",
+ "name": "gettext-parser",
+ "version": "4.0.0-alpha.0",
+ "description": "Parse and compile gettext po and mo files to/from json, nothing more, nothing less",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b3bb9d83774eae516d17f511100fe49334f92a3fc2dc2f65a6bea81b1e45e4b7c869d5c39edc20496106cc9f3af5138cd0e9c2b1d9a1727f944977cb3e9097c4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/gettext-parser@4.0.0-alpha.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/smhg/gettext-parser"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/smhg/gettext-parser/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/smhg/gettext-parser.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/content-type@1.0.4",
+ "name": "content-type",
+ "version": "1.0.4",
+ "description": "Create and parse HTTP Content-Type header",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8483f71043ecf2d07d013d4bf8d52ab70380a6ce269366686fcf4c5973078c75a0f668a517f8f8a2c9e740b5c108114193fb6f206fed51cf663942623c184f5c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/content-type@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/content-type#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/content-type/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/content-type.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/encoding@0.1.13",
+ "name": "encoding",
+ "version": "0.1.13",
+ "description": "Convert encodings, uses iconv-lite",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "11305aba8c354f7e58fd664c922a3d8e2334679c631c7989e179a364eab597f757cf796bdac467f3b9c9cb6d11ba9a928751769b71c73d2a7c4a120f409ac9dc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/encoding@0.1.13",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/andris9/encoding#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/andris9/encoding/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/andris9/encoding.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/iconv-lite@0.6.2",
+ "name": "iconv-lite",
+ "version": "0.6.2",
+ "description": "Convert character encodings in pure javascript.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "db2f758793a9425a2579f30f994962bde962b6d496cb4acffa8615a67e80ec6c151cd13c016ce860e04d9a5c24b372e86da2718070986409f2368d8682935135"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/iconv-lite@0.6.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ashtuchkin/iconv-lite"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ashtuchkin/iconv-lite/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ashtuchkin/iconv-lite.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/plural-forms@0.3.3",
+ "name": "plural-forms",
+ "version": "0.3.3",
+ "description": "Provides information about the plural forms from any language that you may know",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f42105c691dad4aaed645a1ad05c9b65cc720f1d5c7967a5a30b65496b45b2647306043d0e3e3b626c98e9cca73c0254a00fe42e6d81ed5622d027cd2036670b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/plural-forms@0.3.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/c-3po-org/plural-forms#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/c-3po-org/plural-forms/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/c-3po-org/plural-forms.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cross-spawn@5.1.0",
+ "name": "cross-spawn",
+ "version": "5.1.0",
+ "description": "Cross platform child_process#spawn and child_process#spawnSync",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "e8bd0efee58fcff6f8f94510a0a554bbfa235449"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cross-spawn@5.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/IndigoUnited/node-cross-spawn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/IndigoUnited/node-cross-spawn/issues/"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/IndigoUnited/node-cross-spawn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lru-cache@4.1.5",
+ "name": "lru-cache",
+ "version": "4.1.5",
+ "description": "A cache object that deletes the least-recently-used items.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b166656c43f63ac1cd917acc97919893f8ca93bd0c06783a514e1823fa860d86e07fa61b3f812f9aa2126d70a826244ab3ed5b4a9147560431bc9d7b176962e6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lru-cache@4.1.5",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/node-lru-cache#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/node-lru-cache/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/isaacs/node-lru-cache.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pseudomap@1.0.2",
+ "name": "pseudomap",
+ "version": "1.0.2",
+ "description": "A thing that is a lot like ES6 `Map`, but without iterators, for use in environments where `for..of` syntax and `Map` are not available.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f052a28da70e618917ef0a8ac34c1ae5a68286b3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pseudomap@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/pseudomap#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/pseudomap/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/pseudomap.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yallist@2.1.2",
+ "name": "yallist",
+ "version": "2.1.2",
+ "description": "Yet Another Linked List",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1c11f9218f076089a47dd512f93c6699a6a81d52"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yallist@2.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/isaacs/yallist#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/isaacs/yallist/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/isaacs/yallist.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/estree-walker@2.0.1",
+ "name": "estree-walker",
+ "version": "2.0.1",
+ "description": "Traverse an ESTree-compliant AST",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b45d21bfe622d8eb757308fd7981edc42d2307d6e68da72342ce990538fcd87f09c14cb016e73eec4f373567cd3301d765cd759a37c57155cf7bd8043f807c76"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/estree-walker@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Rich-Harris/estree-walker#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Rich-Harris/estree-walker/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Rich-Harris/estree-walker.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/hunspell-spellchecker@1.0.2",
+ "name": "hunspell-spellchecker",
+ "version": "1.0.2",
+ "description": "Parse and use Hunspell dictionaries in Javascript",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a10b0bd2fa00a65ab62a4c6b734ce496d318910e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Apache 2"
+ }
+ }
+ ],
+ "purl": "pkg:npm/hunspell-spellchecker@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/GitbookIO/hunspell-spellchecker"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/GitbookIO/hunspell-spellchecker/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/GitbookIO/hunspell-spellchecker.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/koa@2.13.0",
+ "name": "koa",
+ "version": "2.13.0",
+ "description": "Koa web app framework",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8bf5c954e7cfc3b9e96ccbfaefe6ce797af780fa8e030eae879c05c8db3742f278eed531dccdd5f6b204d3ffd6cad638d8c2b3e25fcc5cac86910d8b4137cb51"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa@2.13.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/koajs/koa#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/koajs/koa/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/koajs/koa.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/accepts@1.3.7",
+ "name": "accepts",
+ "version": "1.3.7",
+ "description": "Higher-level content negotiation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "225f3442cd968d89492013733642ba298aa554c4db64b5e01f1da84f4a54fdf8d11f2129f8f11f10f634477582c001953ad6aec61d613b136021fe5bbfb750a4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/accepts@1.3.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/accepts#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/accepts/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/accepts.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/negotiator@0.6.2",
+ "name": "negotiator",
+ "version": "0.6.2",
+ "description": "HTTP content negotiation",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8595dcecad9ef8f81e23578305eff5d00adde1e91b7ebaea1bc129fbc2667f82480f66cd83b36f08f39937e91f179ef8a45408ee6ba6d8052a0e27682aa7133b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/negotiator@0.6.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/negotiator#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/negotiator/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/negotiator.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cache-content-type@1.0.1",
+ "name": "cache-content-type",
+ "version": "1.0.1",
+ "description": "Create a full Content-Type header given a MIME type or extension and catch the result",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "20ab9f675a3852de36614ad94a8f3eaa7313ac5b8a92fca82d7532c0acfd189e41ae13851a12dd931f6c1b82809d5bdb63a9047121632d0ba5f83566066d9b80"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cache-content-type@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/node-modules/cache-content-type#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/node-modules/cache-content-type/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/node-modules/cache-content-type.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ylru@1.2.1",
+ "name": "ylru",
+ "version": "1.2.1",
+ "description": "Extends LRU base on hashlru",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7da42ba8d33370f0871950b669a388364d772be69a04350f8c65a5d2d78e5f2c0494b8f254007a39eda38fada31d8b70b14e3d8d78527186ef3c434afbacc0bd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ylru@1.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/node-modules/ylru"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/node-modules/ylru/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/node-modules/ylru.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/content-disposition@0.5.3",
+ "name": "content-disposition",
+ "version": "0.5.3",
+ "description": "Create and parse Content-Disposition header",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1313b4efbe2290439b200115f640e8e74a3eefd54251d101ea7ea5cca806c2ea5c55e46586b8f7a8601fc2af06eae0498e4a8bae14f4a846057169e0f33d73d2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/content-disposition@0.5.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/content-disposition#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/content-disposition/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/content-disposition.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cookies@0.8.0",
+ "name": "cookies",
+ "version": "0.8.0",
+ "description": "Cookies, optionally signed using Keygrip.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f1a3ec02941f79b5e7b88fb9dfb31cc18b03b635711a6f204c8cd02371435bab79b7f0c0844471b676c43cdffc457fae66d868cf87823a09685da139718c8da3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cookies@0.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/pillarjs/cookies#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/pillarjs/cookies/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/pillarjs/cookies.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/depd@2.0.0",
+ "name": "depd",
+ "version": "2.0.0",
+ "description": "Deprecate all the things",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "83b9c7e8fe9dc838a8268800006a6b1a90ad5489898693e4feba02cdd6f77c887ad7fb3f9cfb1f47aa27c8cc2408047f3a50b7c810b49444af52840402cb08af"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/depd@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dougwilson/nodejs-depd#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dougwilson/nodejs-depd/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/dougwilson/nodejs-depd.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/keygrip@1.1.0",
+ "name": "keygrip",
+ "version": "1.1.0",
+ "description": "Key signing and verification for rotated credentials",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "89849c84327e96243c8b06d223642ab103afaafe7c7890846a7c893c98be2a1caef2c9a470a4855026cfc3315c2fb615b59e9e38d8ea457ff7f1c689ed08d101"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/keygrip@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/crypto-utils/keygrip#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/crypto-utils/keygrip/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/crypto-utils/keygrip.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tsscmp@1.0.6",
+ "name": "tsscmp",
+ "version": "1.0.6",
+ "description": "Timing safe string compare using double HMAC",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2f186d0243c34e45423108edda1e9e055636f0a0a38a466a65f31c0b5e5805e3639205297427c1bb91e888e4c3bbceafeac984f323a3c8492d27c8656c034740"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tsscmp@1.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/suryagh/tsscmp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/suryagh/tsscmp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/suryagh/tsscmp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/debug@3.1.0",
+ "name": "debug",
+ "version": "3.1.0",
+ "description": "small debugging utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "397f17a8feffd5af5caa4c58c36c97b2cd797f6e8d2960690d741dd3fb8afca3ea7508716cf6bdf78867ce3704d95a90a43b257f9e7bdb770a3d43864a6318de"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/debug@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/debug#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/debug/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/visionmedia/debug.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/delegates@1.0.0",
+ "name": "delegates",
+ "version": "1.0.0",
+ "description": "delegate methods and accessors to another property",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "84c6e159b81904fdca59a0ef44cd870d31250f9a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/delegates@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/node-delegates#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/node-delegates/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/visionmedia/node-delegates.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/depd@1.1.2",
+ "name": "depd",
+ "version": "1.1.2",
+ "description": "Deprecate all the things",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9bcd52e14c097763e749b274c4346ed2e560b5a9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/depd@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dougwilson/nodejs-depd#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dougwilson/nodejs-depd/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/dougwilson/nodejs-depd.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/destroy@1.0.4",
+ "name": "destroy",
+ "version": "1.0.4",
+ "description": "destroy a stream if possible",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "978857442c44749e4206613e37946205826abd80"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/destroy@1.0.4",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stream-utils/destroy#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stream-utils/destroy/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stream-utils/destroy.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/encodeurl@1.0.2",
+ "name": "encodeurl",
+ "version": "1.0.2",
+ "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ad3ff4c86ec2d029322f5a02c3a9a606c95b3f59"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/encodeurl@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/pillarjs/encodeurl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/pillarjs/encodeurl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/pillarjs/encodeurl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/escape-html@1.0.3",
+ "name": "escape-html",
+ "version": "1.0.3",
+ "description": "Escape string for use in HTML",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0258eae4d3d0c0974de1c169188ef0051d1d1988"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/escape-html@1.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/component/escape-html#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/component/escape-html/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/component/escape-html.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/fresh@0.5.2",
+ "name": "fresh",
+ "version": "0.5.2",
+ "description": "HTTP response freshness testing",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "3d8cadd90d976569fa835ab1f8e4b23a105605a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/fresh@0.5.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/fresh#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/fresh/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/fresh.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/http-assert@1.4.1",
+ "name": "http-assert",
+ "version": "1.4.1",
+ "description": "assert with status codes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "addc3baba1939626ea5556d7af408a7a57d5e6263c1b61ea1149214a4dbdec131b4a948bf1cad70bef6b8caa0c719644b24b17df495ee9fff8ba5e04dbc81e83"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/http-assert@1.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/http-assert#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/http-assert/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/http-assert.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/deep-equal@1.0.1",
+ "name": "deep-equal",
+ "version": "1.0.1",
+ "description": "node's assert.deepEqual algorithm",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "f5d260292b660e084eff4cdbc9f08ad3247448b5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/deep-equal@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/substack/node-deep-equal#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/substack/node-deep-equal/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/substack/node-deep-equal.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/http-errors@1.7.3",
+ "name": "http-errors",
+ "version": "1.7.3",
+ "description": "Create HTTP error objects",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6534d7d0c5abb10d9902103571e8c0c032f2705b1dec8ee756d9e44f73a5d1aaa875a296fb4093643435b81bf9c21a6d0a773c7bc1de45127146cd249a6fd07f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/http-errors@1.7.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/http-errors#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/http-errors/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/http-errors.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/setprototypeof@1.1.1",
+ "name": "setprototypeof",
+ "version": "1.1.1",
+ "description": "A small polyfill for Object.setprototypeof",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "26f74059f6d778819a67d7082e9dfc1e7b594854a8de65a0eb119c249b1df9de1a44c3aa6ae6a0d42eb77497c3c3b39a318c046c730ec4467596a55160fd8e03"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/setprototypeof@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/wesleytodd/setprototypeof"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/wesleytodd/setprototypeof/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/wesleytodd/setprototypeof.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/statuses@1.5.0",
+ "name": "statuses",
+ "version": "1.5.0",
+ "description": "HTTP status utility",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "161c7dac177659fd9811f43771fa99381478628c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/statuses@1.5.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/statuses#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/statuses/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/statuses.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/toidentifier@1.0.0",
+ "name": "toidentifier",
+ "version": "1.0.0",
+ "description": "Convert a string of words to a JavaScript identifier",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c9a387fcf93f5448415964e5848faa5f10c55e57a30c67108a9325cb175af67b61ba56b12d950d714a85c68929d2f7189efb5e2659f914d40346bc63dd871b57"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/toidentifier@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/component/toidentifier#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/component/toidentifier/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/component/toidentifier.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/http-errors@1.8.0",
+ "name": "http-errors",
+ "version": "1.8.0",
+ "description": "Create HTTP error objects",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e08f2bd02e490e14f9564bc8e3b424b435bbe6b365195b147fff21ce3082ff091623f8dd4d19816fd688edead21bcdabd5b8ca63717a936f169ec5710750bbdc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/http-errors@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/http-errors#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/http-errors/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/http-errors.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/setprototypeof@1.2.0",
+ "name": "setprototypeof",
+ "version": "1.2.0",
+ "description": "A small polyfill for Object.setprototypeof",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "1392c35fb5aba7ce4a8a5e5b859bf8ea3f2339e6e82aae4932660cde05467461fcc45a4f59750cb0dae53830ab928c4c11e362fd7648c2e46f6385cdc18309a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/setprototypeof@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/wesleytodd/setprototypeof"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/wesleytodd/setprototypeof/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/wesleytodd/setprototypeof.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-generator-function@1.0.7",
+ "name": "is-generator-function",
+ "version": "1.0.7",
+ "description": "Determine if a function is a native generator function.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "619739130c8ee1fda45826b1ee87a07ee4abf66173d59be278d6011239ae90bc605df0546f101619517b1997f4ce2758b68065dd6bc2d3b60ad304fbe9af91b7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-generator-function@1.0.7",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ljharb/is-generator-function#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ljharb/is-generator-function/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/ljharb/is-generator-function.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/koa-compose@4.1.0",
+ "name": "koa-compose",
+ "version": "4.1.0",
+ "description": "compose Koa middleware",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f0e0d6f13ac3b8c62f5d1c2b6bf2a1effac9a3d06d39f3dceaa3bc7807c2f340a70af4a34a5d1b911336e17ebf5c1044ca3d2fd674544352f23b2ddd6ea3965f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa-compose@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/koajs/compose#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/koajs/compose/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/koajs/compose.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/koa-convert@1.2.0",
+ "name": "koa-convert",
+ "version": "1.2.0",
+ "description": "convert koa legacy generator-based middleware to promise-based middleware",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "da40875df49de0539098d1700b50820cebcd21d0"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa-convert@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/gyson/koa-convert#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/gyson/koa-convert/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/gyson/koa-convert.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/koa-compose@3.2.1",
+ "name": "koa-compose",
+ "version": "3.2.1",
+ "description": "compose Koa middleware",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a85ccb40b7d986d8e5a345b3a1ace8eabcf54de7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa-compose@3.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/koajs/compose#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/koajs/compose/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/koajs/compose.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/any-promise@1.3.0",
+ "name": "any-promise",
+ "version": "1.3.0",
+ "description": "Resolve any installed ES6 compatible promise",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "abc6afeedcea52e809cdc0376aed3ce39635d17f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/any-promise@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/kevinbeaty/any-promise"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/kevinbeaty/any-promise/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/kevinbeaty/any-promise.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/on-finished@2.3.0",
+ "name": "on-finished",
+ "version": "2.3.0",
+ "description": "Execute a callback when a request closes, finishes, or errors",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "20f1336481b083cd75337992a16971aa2d906947"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/on-finished@2.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/on-finished#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/on-finished/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/on-finished.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ee-first@1.1.1",
+ "name": "ee-first",
+ "version": "1.1.1",
+ "description": "return the first event in a set of ee/event pairs",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "590c61156b0ae2f4f0255732a158b266bc56b21d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ee-first@1.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonathanong/ee-first#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonathanong/ee-first/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonathanong/ee-first.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/only@0.0.2",
+ "name": "only",
+ "version": "0.0.2",
+ "description": "return whitelisted properties of an object",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2afde84d03e50b9a8edc444e30610a70295edfb4"
+ }
+ ],
+ "purl": "pkg:npm/only@0.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/node-only#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/node-only/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/visionmedia/node-only.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/parseurl@1.3.3",
+ "name": "parseurl",
+ "version": "1.3.3",
+ "description": "parse a url with memoization",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "0a2c9e3b1153fc96723799b4cfd3df5f0e1208127a4b2833d43a65d30aa39610c418604fd469ec51510bd29eb78681b57dc8f77c7ca75e2f4d60ee2758e2fea9"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/parseurl@1.3.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/pillarjs/parseurl#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/pillarjs/parseurl/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/pillarjs/parseurl.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/type-is@1.6.18",
+ "name": "type-is",
+ "version": "1.6.18",
+ "description": "Infer the content-type of a request.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "4e444aafdb144f1107f0c75fb8248fed58b3272cd134c8e3d89d9da3626bdcaca6e7df0955d124b2eccf4029e514f5b8932f50fa203e99af411a6d3a5d0072f2"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/type-is@1.6.18",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/type-is#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/type-is/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/type-is.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/media-typer@0.3.0",
+ "name": "media-typer",
+ "version": "0.3.0",
+ "description": "Simple RFC 6838 media type parser and formatter",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8710d7af0aa626f8fffa1ce00168545263255748"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/media-typer@0.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/media-typer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/media-typer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/media-typer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/vary@1.1.2",
+ "name": "vary",
+ "version": "1.1.2",
+ "description": "Manipulate the HTTP Vary header",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2299f02c6ded30d4a5961b0b9f74524a18f634fc"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/vary@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/vary#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/vary/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/vary.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/koa-body@2.6.0",
+ "name": "koa-body",
+ "version": "2.6.0",
+ "description": "A koa body parser middleware. Support multipart, urlencoded and json request bodies.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f22f6d8b74d1c5e96c9cf51cb74c58f2da13163e604f31965b8e5e3c1913f1f9f364fef9cb9c288ac569ce221da9c9eab6dd6530d043df4a7eb648920be35f8d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa-body@2.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/dlau/koa-body#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/dlau/koa-body/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/dlau/koa-body.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/co-body@5.2.0",
+ "name": "co-body",
+ "version": "5.2.0",
+ "description": "request body parsing for co",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b17fcb43b2ea5218326b1cdb7bb22ac0f793af6c9fa5f50843f760a4aa3a648e32e25a50034631028996218fbb23bac759c1b4d8f1be3ae3d1133316ff9b6ccd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/co-body@5.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/cojs/co-body#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/cojs/co-body/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/cojs/co-body.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/inflation@2.0.0",
+ "name": "inflation",
+ "version": "2.0.0",
+ "description": "Easily unzip an HTTP stream",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8b417e47c28f925a45133d914ca1fd389107f30f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/inflation@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stream-utils/inflation#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stream-utils/inflation/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stream-utils/inflation.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/raw-body@2.4.1",
+ "name": "raw-body",
+ "version": "2.4.1",
+ "description": "Get and validate the raw body of a readable stream.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f56988285ea692f03448b980d8a9e6f7eaa3f3d7be8f5cea8329fc69719defe9c076e3e8aa023d94ee7b48064d9ff072ce8e4fec98574f283d3f36896c7ef76c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/raw-body@2.4.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stream-utils/raw-body#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stream-utils/raw-body/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stream-utils/raw-body.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/bytes@3.1.0",
+ "name": "bytes",
+ "version": "3.1.0",
+ "description": "Utility to parse a string bytes to bytes and vice-versa",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "cdab8b8eb7c21bec6fa326aa2e857c6cb5575cd182e09aa5c450aeb520d603a7c9ad3a3666ebcb613a99eda1c12d948c3a8a5bcf0bfc7fec19715cdf5532360e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/bytes@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/bytes.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/bytes.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/visionmedia/bytes.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unpipe@1.0.0",
+ "name": "unpipe",
+ "version": "1.0.0",
+ "description": "Unpipe a stream from all destinations",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b2bf4ee8514aae6165b4817829d21b2ef49904ec"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unpipe@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stream-utils/unpipe#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stream-utils/unpipe/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stream-utils/unpipe.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/formidable@1.2.2",
+ "name": "formidable",
+ "version": "1.2.2",
+ "description": "A node.js module for parsing form data, especially file uploads.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "57c80b9bee3523ff2482e438fe8d43dd1207466858146e299cdca89efb9afb8d2ba9c1264f8f95ef5c9a677078e7bc5b6e00ac09f8d23e2eb9bbf5babcad54e5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/formidable@1.2.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/node-formidable/formidable"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/node-formidable/formidable/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/node-formidable/formidable.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/koa-router@7.4.0",
+ "name": "koa-router",
+ "version": "7.4.0",
+ "description": "Router middleware for koa. Provides RESTful resource routing.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "21685a0d77809df0c1129592ea1906759d5a6e582be90ea919d5c2c8adfc45bcee1f82e450ea4fa8fc3eddff25f1a4c3ad098143bc497346ecdb257877370efa"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/koa-router@7.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/alexmingoia/koa-router#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/alexmingoia/koa-router/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/alexmingoia/koa-router.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/debug@3.2.6",
+ "name": "debug",
+ "version": "3.2.6",
+ "description": "small debugging utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "99e97e8dfee7aed125e4f9f5431e3acc0457283a416efcdecec7bba7b2ea20d99da0893c3d83f94b249ac44998bfa4d9d09c84280d61b0221de832218084ed59"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/debug@3.2.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/visionmedia/debug#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/visionmedia/debug/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/visionmedia/debug.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/methods@1.1.2",
+ "name": "methods",
+ "version": "1.1.2",
+ "description": "HTTP methods that node supports",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5529a4d67654134edcc5266656835b0f851afcee"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/methods@1.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jshttp/methods#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jshttp/methods/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jshttp/methods.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/path-to-regexp@1.8.0",
+ "name": "path-to-regexp",
+ "version": "1.8.0",
+ "description": "Express style path to RegExp utility",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9f8dc946195429402589b10984f7a2af59dc5080f5e909c48cda70ccd74edcb9b8cb0ac1a41679a0b0f423a6ebf5ebebd58f494eac11b4087b24ba0ecc041d54"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/path-to-regexp@1.8.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/pillarjs/path-to-regexp#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/pillarjs/path-to-regexp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/pillarjs/path-to-regexp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/isarray@0.0.1",
+ "name": "isarray",
+ "version": "0.0.1",
+ "description": "Array#isArray for older browsers",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "8a18acfca9a8f4177e09abfc6038939b05d1eedf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/isarray@0.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/juliangruber/isarray"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/juliangruber/isarray/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/juliangruber/isarray.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/urijs@1.19.2",
+ "name": "urijs",
+ "version": "1.19.2",
+ "description": "URI.js is a Javascript library for working with URLs.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "b3f508abd6a9e093d9ec7d4407950ba3f68e51b5aa7c38bb14accc0b6373fb44a2f06893d6b2046a9aedf21cb7572d84c766893e9390bf83f80ee399f8ad5ceb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/urijs@1.19.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://medialize.github.io/URI.js/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/medialize/URI.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/medialize/URI.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/node-fetch@1.7.3",
+ "name": "node-fetch",
+ "version": "1.7.3",
+ "description": "A light-weight module that brings window.fetch to node.js and io.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3616780ac2b1edc626daf4ab040af63ef14e7bab160dfd1460b46a03ab2f51883bfbf4d27d502ee3d8d80b806f4384a6b3d49981da86060ae8a9f0e125d4f229"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/node-fetch@1.7.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/bitinn/node-fetch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/bitinn/node-fetch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/bitinn/node-fetch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/open@6.4.0",
+ "name": "open",
+ "version": "6.4.0",
+ "description": "Open stuff like URLs, files, executables. Cross-platform.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "2057a754f805ef47d29b591e49dda20c1203201664ae82deb9f7d7abec0a4f34c9941a5eb055a88d5f656fc9b339f680cccd6cafb1d01ee3b4bed574cd87a41a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/open@6.4.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/open#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/open/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/open.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ora@1.3.0",
+ "name": "ora",
+ "version": "1.3.0",
+ "description": "Elegant terminal spinner",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "80078dd2b92a934af66a3ad72a5b910694ede51a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ora@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/ora#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/ora/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/ora.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/chalk@1.1.3",
+ "name": "chalk",
+ "version": "1.1.3",
+ "description": "Terminal string styling done right. Much color.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "a8115c55e4a702fe4d150abd3872822a7e09fc98"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/chalk@1.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/chalk#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/chalk/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/chalk.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-styles@2.2.1",
+ "name": "ansi-styles",
+ "version": "2.2.1",
+ "description": "ANSI escape codes for styling strings in the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b432dd3358b634cf75e1e4664368240533c1ddbe"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-styles@2.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-styles#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-styles/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-styles.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/has-ansi@2.0.0",
+ "name": "has-ansi",
+ "version": "2.0.0",
+ "description": "Check if a string has ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "34f5049ce1ecdf2b0649af3ef24e45ed35416d91"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/has-ansi@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/has-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/has-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/has-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ansi-regex@2.1.1",
+ "name": "ansi-regex",
+ "version": "2.1.1",
+ "description": "Regular expression for matching ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "c3b33ab5ee360d86e0e628f0468ae7ef27d654df"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ansi-regex@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/ansi-regex#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/ansi-regex/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/ansi-regex.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/strip-ansi@3.0.1",
+ "name": "strip-ansi",
+ "version": "3.0.1",
+ "description": "Strip ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/strip-ansi@3.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/strip-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/strip-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/strip-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/supports-color@2.0.0",
+ "name": "supports-color",
+ "version": "2.0.0",
+ "description": "Detect whether a terminal supports color",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "535d045ce6b6363fa40117084629995e9df324c7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/supports-color@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/supports-color#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/supports-color/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/supports-color.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cli-cursor@2.1.0",
+ "name": "cli-cursor",
+ "version": "2.1.0",
+ "description": "Toggle the CLI cursor",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "b35dac376479facc3e94747d41d0d0f5238ffcb5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cli-cursor@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/cli-cursor#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/cli-cursor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/cli-cursor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/restore-cursor@2.0.0",
+ "name": "restore-cursor",
+ "version": "2.0.0",
+ "description": "Gracefully restore the CLI cursor on exit",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9f7ee287f82fd326d4fd162923d62129eee0dfaf"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/restore-cursor@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/restore-cursor#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/restore-cursor/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/restore-cursor.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/onetime@2.0.1",
+ "name": "onetime",
+ "version": "2.0.1",
+ "description": "Ensure a function is only called once",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "067428230fd67443b2794b22bba528b6867962d4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/onetime@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/onetime#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/onetime/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/onetime.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mimic-fn@1.2.0",
+ "name": "mimic-fn",
+ "version": "1.2.0",
+ "description": "Make a function mimic another one",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8dff38bb1cf08ae88854a88e2e97d893b378e934b2f2e6d3a279a7798f6fae91cd027a74401b76071595f5d3b7fe3f81a1501bf9ae46e980cf5b73391ce74c59"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mimic-fn@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/mimic-fn#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/mimic-fn/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/mimic-fn.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cli-spinners@1.3.1",
+ "name": "cli-spinners",
+ "version": "1.3.1",
+ "description": "Spinners for use in the terminal",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "d502f8e78e26a04b03547f53fe5e827a6a2fff7ee2bf546da0a7fb349d3803ad3ee0c4445cd7f1fd0bdabdb1fa42819db03e0de0cc32e3d726688351fe8da676"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cli-spinners@1.3.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/cli-spinners#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/cli-spinners/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/cli-spinners.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/log-symbols@1.0.2",
+ "name": "log-symbols",
+ "version": "1.0.2",
+ "description": "Colored symbols for various log levels. Example: ✔︎ success",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "376ff7b58ea3086a0f09facc74617eca501e1a18"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/log-symbols@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/log-symbols#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/log-symbols/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/log-symbols.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/readline-sync@1.4.10",
+ "name": "readline-sync",
+ "version": "1.4.10",
+ "description": "Synchronous Readline for interactively running to have a conversation with the user via a console(TTY).",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "80dbdaf3fe9401ef1061ea48407fe3436aa7f75423d01f6c62330106cdd0381f05d825dc2a02f141a2513fbeac595450b7e414fbc7c09026c2be38cc16eed873"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/readline-sync@1.4.10",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/anseki/readline-sync"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/anseki/readline-sync/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/anseki/readline-sync.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/serialize-javascript@2.1.2",
+ "name": "serialize-javascript",
+ "version": "2.1.2",
+ "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "aecf4e8201141745788d449e7176b3398b0b7eeece18adaa227ddcec83c189f7f3df65e7884a7f4d7f5799cf4b41f2b69d0d90287bd9da8ca0294194d251b88d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/serialize-javascript@2.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yahoo/serialize-javascript"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yahoo/serialize-javascript/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/yahoo/serialize-javascript.git"
+ }
+ ]
+ },
+ {
+ "type": "framework",
+ "bom-ref": "pkg:npm/svelte@3.24.0",
+ "name": "svelte",
+ "version": "3.24.0",
+ "description": "Cybernetically enhanced web apps",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5455e89ba10fd832bcde4c72e199416da6649526d922ba4d1f7a0d5e53d81c952e5b8ab53ae02bdd9a186df2154d560f0e0ac8ed8ab481070e843940b4ee2a7f"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/svelte@3.24.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sveltejs/svelte#README"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sveltejs/svelte/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sveltejs/svelte.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tmp@0.0.33",
+ "name": "tmp",
+ "version": "0.0.33",
+ "description": "Temporary file and directory creator",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "8d10899688ca9d9dda75db533a3748aa846e3c4281bcd5dc198ab33bacd6657f0a7ca1299c66398df820250dc48cabaef03e1b251af4cbe7182459986c89971b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tmp@0.0.33",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/raszi/node-tmp"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "http://github.com/raszi/node-tmp/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/raszi/node-tmp.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/os-tmpdir@1.0.2",
+ "name": "os-tmpdir",
+ "version": "1.0.2",
+ "description": "Node.js os.tmpdir() ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "bbe67406c79aa85c5cfec766fe5734555dfa1274"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/os-tmpdir@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/os-tmpdir#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/os-tmpdir/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/os-tmpdir.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/vue-sfc-parser@0.1.2",
+ "name": "vue-sfc-parser",
+ "version": "0.1.2",
+ "description": "Vue.js single file component parser for static analysis",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "7ef62ee22e68c4ae09db9a986e59aca2d3083526342a13f52d6fc494a68c8a7e025d0d94ab28de520019684d99b35cd8a48286a04b8c8c463e966060865b3559"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/vue-sfc-parser@0.1.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ktsn/vue-sfc-parser"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ktsn/vue-sfc-parser/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ktsn/vue-sfc-parser.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lodash.mapvalues@4.6.0",
+ "name": "lodash.mapvalues",
+ "version": "4.6.0",
+ "description": "The lodash method `_.mapValues` exported as a module.",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "1bafa5005de9dd6f4f26668c30ca37230cc9689c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lodash.mapvalues@4.6.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://lodash.com/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/lodash/lodash/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/lodash/lodash.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/walk@2.3.9",
+ "name": "walk",
+ "version": "2.3.9",
+ "description": "A node port of python's os.walk",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "31b4db6678f2ae01c39ea9fb8725a9031e558a7b"
+ }
+ ],
+ "purl": "pkg:npm/walk@2.3.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/coolaj86/node-walk"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/coolaj86/node-walk/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/coolaj86/node-walk.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/foreachasync@3.0.0",
+ "name": "foreachasync",
+ "version": "3.0.0",
+ "description": "A node- and browser-ready async counterpart of Array.prototype.forEach",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5502987dc8714be3392097f32e0071c9dee07cf6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "name": "Apache2"
+ }
+ }
+ ],
+ "purl": "pkg:npm/foreachasync@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/FuturesJS/forEachAsync"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/FuturesJS/forEachAsync/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/FuturesJS/forEachAsync.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yargs@11.1.1",
+ "name": "yargs",
+ "version": "11.1.1",
+ "description": "yargs the modern, pirate-themed, successor to optimist.",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "3d153b809ac9697bf7ab7c9067ffbf5fa281b30662690fb33a6769ad9728b8f62d420bcd537e62fbaf0ce1bd591cb66d6054f940e6c52d5f9992625873029d8b"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yargs@11.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://yargs.js.org/"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/yargs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/yargs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/cliui@4.1.0",
+ "name": "cliui",
+ "version": "4.1.0",
+ "description": "easily create complex multi-column command-line-interfaces",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e051be4521bd0cbeee130454657667dd24b7e038833dfccfd153a2130b545a513e011d84220fa14b2beb2205147e176047f52401e5b640781e3fe856ad7b3b8d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/cliui@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/cliui#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/cliui/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/cliui.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string-width@2.1.1",
+ "name": "string-width",
+ "version": "2.1.1",
+ "description": "Get the visual width of a string - the number of columns required to display it",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9cea87e7d75e0aaf52447971ab5030f39267b78c3a2af2caa9656293aa00f599255cb3483a5aa0e05db2ad3d4c55a4e302abd5c1d7de67bc3b682bc90fbba093"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string-width@2.1.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/string-width#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/string-width/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/string-width.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/wrap-ansi@2.1.0",
+ "name": "wrap-ansi",
+ "version": "2.1.0",
+ "description": "Wordwrap a string with ANSI escape codes",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d8fc3d284dd05794fe84973caecdd1cf824fdd85"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/wrap-ansi@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/chalk/wrap-ansi#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/chalk/wrap-ansi/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/chalk/wrap-ansi.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/string-width@1.0.2",
+ "name": "string-width",
+ "version": "1.0.2",
+ "description": "Get the visual width of a string - the number of columns required to display it",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "118bdf5b8cdc51a2a7e70d211e07e2b0b9b107d3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/string-width@1.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/string-width#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/string-width/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/string-width.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/code-point-at@1.1.0",
+ "name": "code-point-at",
+ "version": "1.1.0",
+ "description": "ES2015 `String#codePointAt()` ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "0d070b4d043a5bea33a2f1a40e2edb3d9a4ccf77"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/code-point-at@1.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/code-point-at#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/code-point-at/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/code-point-at.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/is-fullwidth-code-point@1.0.0",
+ "name": "is-fullwidth-code-point",
+ "version": "1.0.0",
+ "description": "Check if the character represented by a given Unicode code point is fullwidth",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "ef9e31386f031a7f0d643af82fde50c457ef00cb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/is-fullwidth-code-point@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/is-fullwidth-code-point#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/number-is-nan@1.0.1",
+ "name": "number-is-nan",
+ "version": "1.0.1",
+ "description": "ES2015 Number.isNaN() ponyfill",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "097b602b53422a522c1afb8790318336941a011d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/number-is-nan@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/number-is-nan#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/number-is-nan/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/number-is-nan.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/find-up@2.1.0",
+ "name": "find-up",
+ "version": "2.1.0",
+ "description": "Find a file by walking up parent directories",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "45d1b7e506c717ddd482775a2b77920a3c0c57a7"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/find-up@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/find-up#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/find-up/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/find-up.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/locate-path@2.0.0",
+ "name": "locate-path",
+ "version": "2.0.0",
+ "description": "Get the first path that exists on disk of multiple paths",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "2b568b265eec944c6d9c0de9c3dbbbca0354cd8e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/locate-path@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/locate-path#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/locate-path/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/locate-path.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-locate@2.0.0",
+ "name": "p-locate",
+ "version": "2.0.0",
+ "description": "Get the first fulfilled promise that satisfies the provided testing function",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "20a0103b222a70c8fd39cc2e580680f3dde5ec43"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-locate@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-locate#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-locate/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-locate.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-limit@1.3.0",
+ "name": "p-limit",
+ "version": "1.3.0",
+ "description": "Run multiple promise-returning & async functions with limited concurrency",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "bef717b0b009f43af9ad038f93bb68650649029065d8ae09e9d00d4ac12e87a408e3525872c4bfaa14c66bd12b2145202b758d428258bf2971be3aa68aa100f5"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-limit@1.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-limit#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-limit/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-limit.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-try@1.0.0",
+ "name": "p-try",
+ "version": "1.0.0",
+ "description": "`Promise#try()` ponyfill - Starts a promise chain",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "cbc79cdbaf8fd4228e13f621f2b1a237c1b207b3"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-try@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-try#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-try/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-try.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/get-caller-file@1.0.3",
+ "name": "get-caller-file",
+ "version": "1.0.3",
+ "description": "[](https://travis-ci.org/stefanpenner/get-caller-file) [](https://ci.appveyor.com/project/embercli/get-caller-file/branch/master)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "dedeab553a1ea197d848677c6282c54760c992242b22252b19c8ef157da60f0ddb9fa9363adc073744cd08b6c13bec3ca93be29a10e4bfe2d2b1c6c9635bc4eb"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/get-caller-file@1.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/stefanpenner/get-caller-file#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/stefanpenner/get-caller-file/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/stefanpenner/get-caller-file.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/os-locale@3.1.0",
+ "name": "os-locale",
+ "version": "3.1.0",
+ "description": "Get the system locale",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "67c977478c1858ce34ff9d99f92dbae6891f163f0ab76702d8c298fb1362de416cf97188ed65eefc8df4f5041061b456e228e267ecb1b3da6a121261d03a96dd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/os-locale@3.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/os-locale#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/os-locale/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/os-locale.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/lcid@2.0.0",
+ "name": "lcid",
+ "version": "2.0.0",
+ "description": "Mapping between standard locale identifiers and Windows locale identifiers (LCID)",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6af3c46fc3fc1069f05ca0a5c2c35482bc958e595c46ab4c61ae3d353b1b41a818b93d437179e5d7dd79a315a3a321ab5d1eb31ff63465cf7ac56b0f7280ca78"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/lcid@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/lcid#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/lcid/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/lcid.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/invert-kv@2.0.0",
+ "name": "invert-kv",
+ "version": "2.0.0",
+ "description": "Invert the key/value of an object. Example: `{foo: 'bar'}` → `{bar: 'foo'}`",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "c0f56fff2fd043f5228ab8ffbe1de83fed56c3e0167a19a2d60e5f15618f17a22908108356b8601d132facb7dd61cc038774096c65c35b8240bb3c4494b4aa28"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/invert-kv@2.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/invert-kv#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/invert-kv/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/invert-kv.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/mem@4.3.0",
+ "name": "mem",
+ "version": "4.3.0",
+ "description": "Memoize functions - An optimization used to speed up consecutive function calls by caching the result of calls with identical input",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a97d9b1b8f294ea6115660c1dfbae7ffa3d3ecb711f13ee8017ddb7fdf6ed53b759f3c587f1920a83c14c2894f957c1e3345f304e045cd2c7891fa7b28fd6cff"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/mem@4.3.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/mem#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/mem/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/mem.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/map-age-cleaner@0.1.3",
+ "name": "map-age-cleaner",
+ "version": "0.1.3",
+ "description": "Automatically cleanup expired items in a Map",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6c9cf1ea73283fa3c32cf0459a0efec5129e159bc56e832b1a5c66363f4296f5f9dcaae6bcce5b5c55c45a36f3e1ccf50059fe8d627dcff0c94b3ee1aecd30df"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/map-age-cleaner@0.1.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/SamVerschueren/map-age-cleaner#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/SamVerschueren/map-age-cleaner/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/SamVerschueren/map-age-cleaner.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-defer@1.0.0",
+ "name": "p-defer",
+ "version": "1.0.0",
+ "description": "Create a deferred promise",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9f6eb182f6c9aa8cd743004a7d4f96b196b0fb0c"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-defer@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-defer#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-defer/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-defer.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/p-is-promise@2.1.0",
+ "name": "p-is-promise",
+ "version": "2.1.0",
+ "description": "Check if something is a promise",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "6375b4c2544f2bc64c45b36af7b978339a2d8a8780e659b5cfb6e4364c4291af0748f8d1d314569a90a673dbad89a2cff496f5783f0181e2314d6e00205e393e"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/p-is-promise@2.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/p-is-promise#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/p-is-promise/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/p-is-promise.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/require-main-filename@1.0.1",
+ "name": "require-main-filename",
+ "version": "1.0.1",
+ "description": "shim for require.main.filename() that works in as many environments as possible",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "97f717b69d48784f5f526a6c5aa8ffdda055a4d1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/require-main-filename@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/require-main-filename#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/require-main-filename/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/require-main-filename.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/y18n@3.2.1",
+ "name": "y18n",
+ "version": "3.2.1",
+ "description": "the bare-bones internationalization library used by yargs",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "6d15fba884c08679c0d77e88e7759e811e07fa41"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/y18n@3.2.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/y18n"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/y18n/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/y18n.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/yargs-parser@9.0.2",
+ "name": "yargs-parser",
+ "version": "9.0.2",
+ "description": "the mighty option parser used by yargs",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "9ccf6a43460fe4ed40a9bb68f48d43b8a68cc077"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/yargs-parser@9.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/yargs/yargs-parser#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/yargs/yargs-parser/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+ssh://git@github.com/yargs/yargs-parser.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/camelcase@4.1.0",
+ "name": "camelcase",
+ "version": "4.1.0",
+ "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "d545635be1e33c542649c69173e5de6acfae34dd"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/camelcase@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/camelcase#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/camelcase/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/camelcase.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/proton-shared@1.0.0",
+ "name": "proton-shared",
+ "version": "1.0.0",
+ "description": "Proton shared",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/proton-shared@1.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/proton-shared#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/proton-shared/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ProtonMail/proton-shared.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/dayjs@1.8.30",
+ "name": "dayjs",
+ "version": "1.8.30",
+ "description": "2KB immutable date time library alternative to Moment.js with the same modern API ",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "e6ce481ae3f96d5bc86ce5a410371f997b148f6e1f656d4d30755549d48517f916f1df9a959708f52a41282f9b684c817becf77d4a75ef2ef9ba5b2dbf9b3053"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/dayjs@1.8.30",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://day.js.org"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/iamkun/dayjs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/iamkun/dayjs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/ua-parser-js@0.7.21",
+ "name": "ua-parser-js",
+ "version": "0.7.21",
+ "description": "Lightweight JavaScript-based user-agent string parser",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "f8ef3faa1fd08fc0a00ba79805507290cacdb69e4679b9f8765183fe429756424d0f0cab030488ab0cfc0837feb6c008595c9c29c92eea0217274ab0c7f65769"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/ua-parser-js@0.7.21",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "http://github.com/faisalman/ua-parser-js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/faisalman/ua-parser-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/faisalman/ua-parser-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/pt-formgenerator@1.5.0",
+ "name": "pt-formgenerator",
+ "version": "1.5.0",
+ "description": "Tested with: - Node.js `v11.6.0` - npm `6.7.0`",
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/pt-formgenerator@1.5.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/push.js@1.0.12",
+ "name": "push.js",
+ "version": "1.0.12",
+ "description": "A compact, cross-browser solution for the Javascript Notifications API",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "328ff392b3c3e7c85c6ccbc2ffd5af7943c6cf43c9e13e54c1024fe839cc61bcb17bb6f5c4cffdaaa9894cc983729adb6630ad2f37fdc16b5e93b800f0ef5007"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/push.js@1.0.12",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/Nickersoft/push.js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/Nickersoft/push.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/Nickersoft/push.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/qrcodejs2@0.0.2",
+ "name": "qrcodejs2",
+ "version": "0.0.2",
+ "description": "Javsacript QRCode for all browsers",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "465afe5e39f19facecb932c11f7a186109146ae1"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/qrcodejs2@0.0.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/davidshimjs/qrcodejs#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/davidshimjs/qrcodejs/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/davidshimjs/qrcodejs.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/raven-js@3.27.2",
+ "name": "raven-js",
+ "version": "3.27.2",
+ "description": "JavaScript client for Sentry",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "9855907179e14451107b91de16ba0f684821967ab2ec5e44d89dc5b1a6f5f3da2776a533723c12562ede97b177e9cafa3ef4185e86753f6179092176fdacde31"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "purl": "pkg:npm/raven-js@3.27.2",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/getsentry/raven-js"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/getsentry/raven-js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git://github.com/getsentry/raven-js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/sieve.js@2.0.6",
+ "name": "sieve.js",
+ "version": "2.0.6",
+ "description": "JavaScript library to wrap sieve configuration",
+ "licenses": [
+ {
+ "license": {
+ "id": "ISC"
+ }
+ }
+ ],
+ "purl": "pkg:npm/sieve.js@2.0.6",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/ProtonMail/sieve.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/ProtonMail/sieve.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/ProtonMail/sieve.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/squire-rte@1.8.11",
+ "name": "squire-rte",
+ "version": "1.8.11",
+ "description": "Squire is an HTML5 rich text editor, which provides powerful cross-browser normalisation, whilst being supremely lightweight and flexible.",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/squire-rte@1.8.11",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/neilj/Squire"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/neilj/Squire/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/neilj/Squire.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/svg4everybody@2.1.9",
+ "name": "svg4everybody",
+ "version": "2.1.9",
+ "description": "Use external SVG spritemaps in any browser",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "5bd9f6defc133859a044646d4743fabc28db7e2d"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ }
+ ],
+ "purl": "pkg:npm/svg4everybody@2.1.9",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jonathantneal/svg4everybody#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jonathantneal/svg4everybody/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jonathantneal/svg4everybody.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/text-security@1.2.0",
+ "name": "text-security",
+ "version": "1.2.0",
+ "description": "Cross-browser alternative to -webkit-text-security",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/text-security@1.2.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/noppa/text-security#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/noppa/text-security/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/noppa/text-security.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/tooltip.js@1.3.3",
+ "name": "tooltip.js",
+ "version": "1.3.3",
+ "description": "A kickass library to create tooltips, based on Popper.js",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "5d65aecbf741745fc5fd8a5113de79caa059e1574b7e24c051d3aaa14fb0266ea984994ca44ce5fe260767ea89b306de4fd546f36d9b35fb044c5f70ce6a32e4"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/tooltip.js@1.3.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/FezVrasta/popper.js#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/FezVrasta/popper.js/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/FezVrasta/popper.js.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/turndown@5.0.3",
+ "name": "turndown",
+ "version": "5.0.3",
+ "description": "A library that converts HTML to Markdown",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "a68a5f19712279da6ae85e6c6912004e12b1abf6db10f5459ec0e751d8da0c622b7bd7f7fce2fd622ff23db3dc67b458503a5e92086bebae9b05f64faf036785"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/turndown@5.0.3",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/domchristie/turndown#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/domchristie/turndown/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/domchristie/turndown.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/unfetch@4.1.0",
+ "name": "unfetch",
+ "version": "4.1.0",
+ "description": "Bare minimum fetch polyfill in 500 bytes",
+ "hashes": [
+ {
+ "alg": "SHA-512",
+ "content": "72b3ff9f77803d427165733d4fcd3fcafd188644c4c762b50f787b0f500933a7f3b1666bc5dc91b8b374247fdd9198752cd1fc2f10a7073a0f1423db6f6886a6"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/unfetch@4.1.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/developit/unfetch"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/developit/unfetch/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/developit/unfetch.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/vcf@2.0.1",
+ "name": "vcf",
+ "version": "2.0.1",
+ "description": "Parse and construct vCards, jCards",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/vcf@2.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jhermsmeier/node-vcf"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jhermsmeier/node-vcf/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jhermsmeier/node-vcf.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/camelcase@3.0.0",
+ "name": "camelcase",
+ "version": "3.0.0",
+ "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar",
+ "hashes": [
+ {
+ "alg": "SHA-1",
+ "content": "32fc4b9fcdaf845fcdf7e73bb97cac2261f0ab0a"
+ }
+ ],
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/camelcase@3.0.0",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/sindresorhus/camelcase#readme"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/sindresorhus/camelcase/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/sindresorhus/camelcase.git"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:npm/foldline@1.0.1",
+ "name": "foldline",
+ "version": "1.0.1",
+ "description": "Folds a long line according to the RFC 5322",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "purl": "pkg:npm/foldline@1.0.1",
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "https://github.com/jhermsmeier/node-foldline"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://github.com/jhermsmeier/node-foldline/issues"
+ },
+ {
+ "type": "vcs",
+ "url": "git+https://github.com/jhermsmeier/node-foldline.git"
+ }
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/test/normalize/cdx-1-4-components-xxl.bom.json b/test/normalize/cdx-1-4-components-xxl.bom.json
new file mode 100644
index 00000000..b97aff61
--- /dev/null
+++ b/test/normalize/cdx-1-4-components-xxl.bom.json
@@ -0,0 +1,219298 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "serialNumber": "urn:uuid:xxxx",
+ "version": 1,
+ "metadata": {
+ "component": {
+ "type": "application",
+ "name": "Acme"
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/acl@2.2.53-4?arch=amd64&distro=debian-10&package-id=3fcaa2363534185d",
+ "publisher": "Guillem Jover ",
+ "name": "acl",
+ "version": "2.2.53-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:acl:acl:2.2.53-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/acl@2.2.53-4?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/adduser@3.118?arch=all&distro=debian-10&package-id=3e9282034226b93f",
+ "publisher": "Debian Adduser Developers ",
+ "name": "adduser",
+ "version": "3.118",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:adduser:adduser:3.118:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/adduser@3.118?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/apt@1.8.2.2?arch=amd64&distro=debian-10&package-id=a82ef7ad8a96994c",
+ "publisher": "APT Development Team ",
+ "name": "apt",
+ "version": "1.8.2.2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv2+"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:apt:apt:1.8.2.2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/apt@1.8.2.2?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/base-files@10.3+deb10u9?arch=amd64&distro=debian-10&package-id=76e37c6412b31348",
+ "publisher": "Santiago Vila ",
+ "name": "base-files",
+ "version": "10.3+deb10u9",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-files:base-files:10.3\\+deb10u9:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/base-files@10.3+deb10u9?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/base-passwd@3.5.46?arch=amd64&distro=debian-10&package-id=8c36ab474a82d3ae",
+ "publisher": "Colin Watson ",
+ "name": "base-passwd",
+ "version": "3.5.46",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "PD"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-passwd:base-passwd:3.5.46:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/base-passwd@3.5.46?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/bash@5.0-4?arch=amd64&distro=debian-10&package-id=1307b253f0761292",
+ "publisher": "Matthias Klose ",
+ "name": "bash",
+ "version": "5.0-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bash:bash:5.0-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/bash@5.0-4?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/bsdutils@1:2.33.1-0.1?arch=amd64&upstream=util-linux%402.33.1-0.1&distro=debian-10&package-id=344ffe16352c1b24",
+ "publisher": "LaMont Jones ",
+ "name": "bsdutils",
+ "version": "1:2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bsdutils:bsdutils:1\\:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/bsdutils@1:2.33.1-0.1?arch=amd64&upstream=util-linux%402.33.1-0.1&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/ca-certificates@20200601~deb10u2?arch=all&distro=debian-10&package-id=596c81a431661de3",
+ "publisher": "Julien Cristau ",
+ "name": "ca-certificates",
+ "version": "20200601~deb10u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:ca-certificates:ca-certificates:20200601\\~deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/ca-certificates@20200601~deb10u2?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/coreutils@8.30-3?arch=amd64&distro=debian-10&package-id=46b6002891a4d405",
+ "publisher": "Michael Stone ",
+ "name": "coreutils",
+ "version": "8.30-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:coreutils:coreutils:8.30-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/coreutils@8.30-3?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/curl@7.64.0-4+deb10u2?arch=amd64&distro=debian-10&package-id=d0effa75c99b912a",
+ "publisher": "Alessandro Ghedini ",
+ "name": "curl",
+ "version": "7.64.0-4+deb10u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "curl"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:curl:curl:7.64.0-4\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/curl@7.64.0-4+deb10u2?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/dash@0.5.10.2-5?arch=amd64&distro=debian-10&package-id=567db85af6d6aaf3",
+ "publisher": "Andrej Shadura ",
+ "name": "dash",
+ "version": "0.5.10.2-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:dash:dash:0.5.10.2-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/dash@0.5.10.2-5?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debconf@1.5.71?arch=all&distro=debian-10&package-id=9470bfee238208a1",
+ "publisher": "Debconf Developers ",
+ "name": "debconf",
+ "version": "1.5.71",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debconf:debconf:1.5.71:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debconf@1.5.71?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debian-archive-keyring@2019.1+deb10u1?arch=all&distro=debian-10&package-id=f9b380da454eddb4",
+ "publisher": "Debian Release Team ",
+ "name": "debian-archive-keyring",
+ "version": "2019.1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debian-archive-keyring:debian-archive-keyring:2019.1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debian-archive-keyring@2019.1+deb10u1?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debianutils@4.8.6.1?arch=amd64&distro=debian-10&package-id=a28bc35fdac63cd4",
+ "publisher": "Clint Adams ",
+ "name": "debianutils",
+ "version": "4.8.6.1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debianutils:debianutils:4.8.6.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debianutils@4.8.6.1?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/diffutils@1:3.7-3?arch=amd64&distro=debian-10&package-id=6d51f5deb90deb06",
+ "publisher": "Santiago Vila ",
+ "name": "diffutils",
+ "version": "1:3.7-3",
+ "licenses": [
+ {
+ "license": {
+ "name": "GFDL"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:diffutils:diffutils:1\\:3.7-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/diffutils@1:3.7-3?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/dpkg@1.19.7?arch=amd64&distro=debian-10&package-id=826669ee9d8b4b93",
+ "publisher": "Dpkg Developers ",
+ "name": "dpkg",
+ "version": "1.19.7",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain-md5"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain-s-s-d"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:dpkg:dpkg:1.19.7:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/dpkg@1.19.7?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/fdisk@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=743bbe9c435d52f3",
+ "publisher": "LaMont Jones ",
+ "name": "fdisk",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:fdisk:fdisk:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/fdisk@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/findutils@4.6.0+git+20190209-2?arch=amd64&distro=debian-10&package-id=38adf8ca435355da",
+ "publisher": "Andreas Metzler ",
+ "name": "findutils",
+ "version": "4.6.0+git+20190209-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:findutils:findutils:4.6.0\\+git\\+20190209-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/findutils@4.6.0+git+20190209-2?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gcc-8-base@8.3.0-6?arch=amd64&upstream=gcc-8&distro=debian-10&package-id=a958e0e726fb519d",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "gcc-8-base",
+ "version": "8.3.0-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gcc-8-base:gcc-8-base:8.3.0-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gcc-8-base@8.3.0-6?arch=amd64&upstream=gcc-8&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/opencontainers/runc@v1.0.0-rc95?package-id=9da9932a4449cb95",
+ "name": "github.com/opencontainers/runc",
+ "version": "v1.0.0-rc95",
+ "cpe": "cpe:2.3:a:opencontainers:runc:v1.0.0-rc95:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/opencontainers/runc@v1.0.0-rc95"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/tianon/gosu@(devel)?package-id=19d52095a2282c58",
+ "name": "github.com/tianon/gosu",
+ "version": "(devel)",
+ "cpe": "cpe:2.3:a:tianon:gosu:\\(devel\\):*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/tianon/gosu@(devel)"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887?package-id=a04162bbb33c282d",
+ "name": "golang.org/x/sys",
+ "version": "v0.0.0-20210426230700-d19ff857e887",
+ "cpe": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20210426230700-d19ff857e887:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20210426230700-d19ff857e887"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpgv@2.2.12-1+deb10u1?arch=amd64&upstream=gnupg2&distro=debian-10&package-id=1ffde2f3ed358894",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpgv",
+ "version": "2.2.12-1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpgv:gpgv:2.2.12-1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpgv@2.2.12-1+deb10u1?arch=amd64&upstream=gnupg2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/grep@3.3-1?arch=amd64&distro=debian-10&package-id=e19c01918650b778",
+ "publisher": "Anibal Monsalve Salazar ",
+ "name": "grep",
+ "version": "3.3-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:grep:grep:3.3-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/grep@3.3-1?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gzip@1.9-3?arch=amd64&distro=debian-10&package-id=7de3a8e52e2d2e8b",
+ "publisher": "Bdale Garbee ",
+ "name": "gzip",
+ "version": "1.9-3",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gzip:gzip:1.9-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gzip@1.9-3?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/hostname@3.21?arch=amd64&distro=debian-10&package-id=9deb64db83d5e7c0",
+ "publisher": "Michael Meskes ",
+ "name": "hostname",
+ "version": "3.21",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:hostname:hostname:3.21:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/hostname@3.21?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/init-system-helpers@1.56+nmu1?arch=all&distro=debian-10&package-id=7d7ed30b1f37bb0",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "init-system-helpers",
+ "version": "1.56+nmu1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:init-system-helpers:init-system-helpers:1.56\\+nmu1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/init-system-helpers@1.56+nmu1?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/insserv@1.18.0-2?arch=amd64&distro=debian-10&package-id=2787dc148b5aa2a",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "insserv",
+ "version": "1.18.0-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:insserv:insserv:1.18.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/insserv@1.18.0-2?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/jq@1.5+dfsg-2+b1?arch=amd64&upstream=jq%401.5+dfsg-2&distro=debian-10&package-id=9d5f6e4d8476a849",
+ "publisher": "ChangZhuo Chen (陳昌倬) ",
+ "name": "jq",
+ "version": "1.5+dfsg-2+b1",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "id": "CC-BY-3.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:jq:jq:1.5\\+dfsg-2\\+b1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/jq@1.5+dfsg-2+b1?arch=amd64&upstream=jq%401.5+dfsg-2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libacl1@2.2.53-4?arch=amd64&upstream=acl&distro=debian-10&package-id=a6d0197dab539e98",
+ "publisher": "Guillem Jover ",
+ "name": "libacl1",
+ "version": "2.2.53-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libacl1:libacl1:2.2.53-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libacl1@2.2.53-4?arch=amd64&upstream=acl&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libapt-pkg5.0@1.8.2.2?arch=amd64&upstream=apt&distro=debian-10&package-id=1ab470673f1aff9d",
+ "publisher": "APT Development Team ",
+ "name": "libapt-pkg5.0",
+ "version": "1.8.2.2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv2+"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libapt-pkg5.0:libapt-pkg5.0:1.8.2.2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libapt-pkg5.0@1.8.2.2?arch=amd64&upstream=apt&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libattr1@1:2.4.48-4?arch=amd64&upstream=attr&distro=debian-10&package-id=26f28a682fbbe026",
+ "publisher": "Guillem Jover ",
+ "name": "libattr1",
+ "version": "1:2.4.48-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libattr1:libattr1:1\\:2.4.48-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libattr1@1:2.4.48-4?arch=amd64&upstream=attr&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libaudit-common@1:2.8.4-3?arch=all&upstream=audit&distro=debian-10&package-id=eacb6fb921d6e85e",
+ "publisher": "Laurent Bigonville ",
+ "name": "libaudit-common",
+ "version": "1:2.8.4-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libaudit-common:libaudit-common:1\\:2.8.4-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libaudit-common@1:2.8.4-3?arch=all&upstream=audit&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libaudit1@1:2.8.4-3?arch=amd64&upstream=audit&distro=debian-10&package-id=74f57d9ce0c68d86",
+ "publisher": "Laurent Bigonville ",
+ "name": "libaudit1",
+ "version": "1:2.8.4-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libaudit1:libaudit1:1\\:2.8.4-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libaudit1@1:2.8.4-3?arch=amd64&upstream=audit&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libblkid1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=c70296289994443b",
+ "publisher": "LaMont Jones ",
+ "name": "libblkid1",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libblkid1:libblkid1:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libblkid1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libbz2-1.0@1.0.6-9.2~deb10u1?arch=amd64&upstream=bzip2&distro=debian-10&package-id=2cf51f0ebe123d92",
+ "publisher": "Anibal Monsalve Salazar ",
+ "name": "libbz2-1.0",
+ "version": "1.0.6-9.2~deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-variant"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libbz2-1.0:libbz2-1.0:1.0.6-9.2\\~deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libbz2-1.0@1.0.6-9.2~deb10u1?arch=amd64&upstream=bzip2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libc-bin@2.28-10?arch=amd64&upstream=glibc&distro=debian-10&package-id=e79c24d81f90a0f7",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "libc-bin",
+ "version": "2.28-10",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libc-bin:libc-bin:2.28-10:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libc-bin@2.28-10?arch=amd64&upstream=glibc&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libc6@2.28-10?arch=amd64&upstream=glibc&distro=debian-10&package-id=b5ff55594183baf5",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "libc6",
+ "version": "2.28-10",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libc6:libc6:2.28-10:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libc6@2.28-10?arch=amd64&upstream=glibc&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcap-ng0@0.7.9-2?arch=amd64&upstream=libcap-ng&distro=debian-10&package-id=801e27b4655082f1",
+ "publisher": "Pierre Chifflier ",
+ "name": "libcap-ng0",
+ "version": "0.7.9-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libcap-ng0:libcap-ng0:0.7.9-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcap-ng0@0.7.9-2?arch=amd64&upstream=libcap-ng&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcom-err2@1.44.5-1+deb10u3?arch=amd64&upstream=e2fsprogs&distro=debian-10&package-id=c05feef9d71ff201",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "libcom-err2",
+ "version": "1.44.5-1+deb10u3",
+ "cpe": "cpe:2.3:a:libcom-err2:libcom-err2:1.44.5-1\\+deb10u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcom-err2@1.44.5-1+deb10u3?arch=amd64&upstream=e2fsprogs&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?arch=amd64&upstream=curl&distro=debian-10&package-id=f545f78b08ad34e8",
+ "publisher": "Alessandro Ghedini ",
+ "name": "libcurl4",
+ "version": "7.64.0-4+deb10u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "curl"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libcurl4:libcurl4:7.64.0-4\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?arch=amd64&upstream=curl&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libdb5.3@5.3.28+dfsg1-0.5?arch=amd64&upstream=db5.3&distro=debian-10&package-id=5f1d8daf8bc92e9d",
+ "publisher": "Debian Berkeley DB Team ",
+ "name": "libdb5.3",
+ "version": "5.3.28+dfsg1-0.5",
+ "cpe": "cpe:2.3:a:libdb5.3:libdb5.3:5.3.28\\+dfsg1-0.5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libdb5.3@5.3.28+dfsg1-0.5?arch=amd64&upstream=db5.3&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libdebconfclient0@0.249?arch=amd64&upstream=cdebconf&distro=debian-10&package-id=6872b9d4842b81ec",
+ "publisher": "Debian Install System Team ",
+ "name": "libdebconfclient0",
+ "version": "0.249",
+ "cpe": "cpe:2.3:a:libdebconfclient0:libdebconfclient0:0.249:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libdebconfclient0@0.249?arch=amd64&upstream=cdebconf&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libfdisk1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=6c6e62c52a86ba09",
+ "publisher": "LaMont Jones ",
+ "name": "libfdisk1",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libfdisk1:libfdisk1:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libfdisk1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libffi6@3.2.1-9?arch=amd64&upstream=libffi&distro=debian-10&package-id=40f6d811db6b6459",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libffi6",
+ "version": "3.2.1-9",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libffi6:libffi6:3.2.1-9:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libffi6@3.2.1-9?arch=amd64&upstream=libffi&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgcc1@1:8.3.0-6?arch=amd64&upstream=gcc-8%408.3.0-6&distro=debian-10&package-id=a4ec20e9bb10a790",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libgcc1",
+ "version": "1:8.3.0-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgcc1:libgcc1:1\\:8.3.0-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgcc1@1:8.3.0-6?arch=amd64&upstream=gcc-8%408.3.0-6&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgcrypt20@1.8.4-5?arch=amd64&distro=debian-10&package-id=45f715c434cb0ae3",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libgcrypt20",
+ "version": "1.8.4-5",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgcrypt20:libgcrypt20:1.8.4-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgcrypt20@1.8.4-5?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgmp10@2:6.1.2+dfsg-4?arch=amd64&upstream=gmp&distro=debian-10&package-id=8681d22eff791901",
+ "publisher": "Debian Science Team ",
+ "name": "libgmp10",
+ "version": "2:6.1.2+dfsg-4",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgmp10:libgmp10:2\\:6.1.2\\+dfsg-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgmp10@2:6.1.2+dfsg-4?arch=amd64&upstream=gmp&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?arch=amd64&upstream=gnutls28&distro=debian-10&package-id=1c198be275868dee",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libgnutls30",
+ "version": "3.6.7-4+deb10u6",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "CC0"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv3+"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPLv3+_or_GPLv2+"
+ }
+ },
+ {
+ "license": {
+ "name": "The"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgnutls30:libgnutls30:3.6.7-4\\+deb10u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?arch=amd64&upstream=gnutls28&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgpg-error0@1.35-1?arch=amd64&upstream=libgpg-error&distro=debian-10&package-id=e650eaf4629b1d02",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "libgpg-error0",
+ "version": "1.35-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "g10-permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgpg-error0:libgpg-error0:1.35-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgpg-error0@1.35-1?arch=amd64&upstream=libgpg-error&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10&package-id=915cbd691e27493a",
+ "publisher": "Sam Hartman ",
+ "name": "libgssapi-krb5-2",
+ "version": "1.17-3+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.17-3\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libhogweed4@3.4.1-1?arch=amd64&upstream=nettle&distro=debian-10&package-id=f512a45c8273c1a3",
+ "publisher": "Magnus Holmgren ",
+ "name": "libhogweed4",
+ "version": "3.4.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GAP"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libhogweed4:libhogweed4:3.4.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libhogweed4@3.4.1-1?arch=amd64&upstream=nettle&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libidn2-0@2.0.5-1+deb10u1?arch=amd64&upstream=libidn2&distro=debian-10&package-id=fb57203f630b9840",
+ "publisher": "Debian Libidn team ",
+ "name": "libidn2-0",
+ "version": "2.0.5-1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "Unicode"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libidn2-0:libidn2-0:2.0.5-1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libidn2-0@2.0.5-1+deb10u1?arch=amd64&upstream=libidn2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libjq1@1.5+dfsg-2+b1?arch=amd64&upstream=jq%401.5+dfsg-2&distro=debian-10&package-id=c98431b078a20aed",
+ "publisher": "ChangZhuo Chen (陳昌倬) ",
+ "name": "libjq1",
+ "version": "1.5+dfsg-2+b1",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "id": "CC-BY-3.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libjq1:libjq1:1.5\\+dfsg-2\\+b1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libjq1@1.5+dfsg-2+b1?arch=amd64&upstream=jq%401.5+dfsg-2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libk5crypto3@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10&package-id=f997918d35a8c2d1",
+ "publisher": "Sam Hartman ",
+ "name": "libk5crypto3",
+ "version": "1.17-3+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libk5crypto3:libk5crypto3:1.17-3\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libk5crypto3@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkeyutils1@1.6-6?arch=amd64&upstream=keyutils&distro=debian-10&package-id=f3eaa7599631bb13",
+ "publisher": "Christian Kastner ",
+ "name": "libkeyutils1",
+ "version": "1.6-6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkeyutils1:libkeyutils1:1.6-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkeyutils1@1.6-6?arch=amd64&upstream=keyutils&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkrb5-3@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10&package-id=37df1f951aafc2c0",
+ "publisher": "Sam Hartman ",
+ "name": "libkrb5-3",
+ "version": "1.17-3+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkrb5-3:libkrb5-3:1.17-3\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkrb5-3@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkrb5support0@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10&package-id=3a2c445f0ccc37e2",
+ "publisher": "Sam Hartman ",
+ "name": "libkrb5support0",
+ "version": "1.17-3+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkrb5support0:libkrb5support0:1.17-3\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkrb5support0@1.17-3+deb10u1?arch=amd64&upstream=krb5&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libldap-2.4-2@2.4.47+dfsg-3+deb10u6?arch=amd64&upstream=openldap&distro=debian-10&package-id=dd6f13877960c5cd",
+ "publisher": "Debian OpenLDAP Maintainers ",
+ "name": "libldap-2.4-2",
+ "version": "2.4.47+dfsg-3+deb10u6",
+ "cpe": "cpe:2.3:a:libldap-2.4-2:libldap-2.4-2:2.4.47\\+dfsg-3\\+deb10u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libldap-2.4-2@2.4.47+dfsg-3+deb10u6?arch=amd64&upstream=openldap&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libldap-common@2.4.47+dfsg-3+deb10u6?arch=all&upstream=openldap&distro=debian-10&package-id=3fbd1c0c811297ae",
+ "publisher": "Debian OpenLDAP Maintainers ",
+ "name": "libldap-common",
+ "version": "2.4.47+dfsg-3+deb10u6",
+ "cpe": "cpe:2.3:a:libldap-common:libldap-common:2.4.47\\+dfsg-3\\+deb10u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libldap-common@2.4.47+dfsg-3+deb10u6?arch=all&upstream=openldap&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/liblz4-1@1.8.3-1+deb10u1?arch=amd64&upstream=lz4&distro=debian-10&package-id=3703c0e5f7c5fec2",
+ "publisher": "Nobuhiro Iwamatsu ",
+ "name": "liblz4-1",
+ "version": "1.8.3-1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:liblz4-1:liblz4-1:1.8.3-1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/liblz4-1@1.8.3-1+deb10u1?arch=amd64&upstream=lz4&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/liblzma5@5.2.4-1?arch=amd64&upstream=xz-utils&distro=debian-10&package-id=711120f227a4ca8",
+ "publisher": "Jonathan Nieder ",
+ "name": "liblzma5",
+ "version": "5.2.4-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "Autoconf"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "PD"
+ }
+ },
+ {
+ "license": {
+ "name": "PD-debian"
+ }
+ },
+ {
+ "license": {
+ "name": "config-h"
+ }
+ },
+ {
+ "license": {
+ "name": "noderivs"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-fsf"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-nowarranty"
+ }
+ },
+ {
+ "license": {
+ "name": "probably-PD"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:liblzma5:liblzma5:5.2.4-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/liblzma5@5.2.4-1?arch=amd64&upstream=xz-utils&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libmount1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=e7866651c1082fc0",
+ "publisher": "LaMont Jones ",
+ "name": "libmount1",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libmount1:libmount1:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libmount1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libncurses6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10&package-id=1104b89b3ce7b78c",
+ "publisher": "Craig Small ",
+ "name": "libncurses6",
+ "version": "6.1+20181013-2+deb10u2",
+ "cpe": "cpe:2.3:a:libncurses6:libncurses6:6.1\\+20181013-2\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libncurses6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libncursesw6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10&package-id=71854d05b1ca05ab",
+ "publisher": "Craig Small ",
+ "name": "libncursesw6",
+ "version": "6.1+20181013-2+deb10u2",
+ "cpe": "cpe:2.3:a:libncursesw6:libncursesw6:6.1\\+20181013-2\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libncursesw6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnettle6@3.4.1-1?arch=amd64&upstream=nettle&distro=debian-10&package-id=9959b995ca1caa9b",
+ "publisher": "Magnus Holmgren ",
+ "name": "libnettle6",
+ "version": "3.4.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GAP"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnettle6:libnettle6:3.4.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnettle6@3.4.1-1?arch=amd64&upstream=nettle&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnghttp2-14@1.36.0-2+deb10u1?arch=amd64&upstream=nghttp2&distro=debian-10&package-id=5390eaa0e24068d",
+ "publisher": "Tomasz Buchert ",
+ "name": "libnghttp2-14",
+ "version": "1.36.0-2+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "SIL-OFL-1.1"
+ }
+ },
+ {
+ "license": {
+ "name": "all-permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnghttp2-14:libnghttp2-14:1.36.0-2\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnghttp2-14@1.36.0-2+deb10u1?arch=amd64&upstream=nghttp2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libonig5@6.9.1-1?arch=amd64&upstream=libonig&distro=debian-10&package-id=a95c90e4b31b4d9f",
+ "publisher": "Jörg Frings-Fürst ",
+ "name": "libonig5",
+ "version": "6.9.1-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libonig5:libonig5:6.9.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libonig5@6.9.1-1?arch=amd64&upstream=libonig&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libp11-kit0@0.23.15-2+deb10u1?arch=amd64&upstream=p11-kit&distro=debian-10&package-id=d609c3d39a184627",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libp11-kit0",
+ "version": "0.23.15-2+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "name": "ISC+IBM"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-like-automake-output"
+ }
+ },
+ {
+ "license": {
+ "name": "same-as-rest-of-p11kit"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libp11-kit0:libp11-kit0:0.23.15-2\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libp11-kit0@0.23.15-2+deb10u1?arch=amd64&upstream=p11-kit&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-modules@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10&package-id=aab3cfb1d218fd23",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-modules",
+ "version": "1.3.1-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-modules:libpam-modules:1.3.1-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-modules@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-modules-bin@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10&package-id=12161ce3bab02f2",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-modules-bin",
+ "version": "1.3.1-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-modules-bin:libpam-modules-bin:1.3.1-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-modules-bin@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-runtime@1.3.1-5?arch=all&upstream=pam&distro=debian-10&package-id=6db7f7079130ac03",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-runtime",
+ "version": "1.3.1-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-runtime:libpam-runtime:1.3.1-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-runtime@1.3.1-5?arch=all&upstream=pam&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam0g@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10&package-id=91c506d4399b261f",
+ "publisher": "Steve Langasek ",
+ "name": "libpam0g",
+ "version": "1.3.1-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam0g:libpam0g:1.3.1-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam0g@1.3.1-5?arch=amd64&upstream=pam&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpcre3@2:8.39-12?arch=amd64&upstream=pcre3&distro=debian-10&package-id=d463b0783493ae72",
+ "publisher": "Matthew Vernon ",
+ "name": "libpcre3",
+ "version": "2:8.39-12",
+ "cpe": "cpe:2.3:a:libpcre3:libpcre3:2\\:8.39-12:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpcre3@2:8.39-12?arch=amd64&upstream=pcre3&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libprocps7@2:3.3.15-2?arch=amd64&upstream=procps&distro=debian-10&package-id=12fb64afab9e657e",
+ "publisher": "Craig Small ",
+ "name": "libprocps7",
+ "version": "2:3.3.15-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libprocps7:libprocps7:2\\:3.3.15-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libprocps7@2:3.3.15-2?arch=amd64&upstream=procps&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpsl5@0.20.2-2?arch=amd64&upstream=libpsl&distro=debian-10&package-id=65dd9d04d79d4653",
+ "publisher": "Tim Rühsen ",
+ "name": "libpsl5",
+ "version": "0.20.2-2",
+ "licenses": [
+ {
+ "license": {
+ "name": "Chromium"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpsl5:libpsl5:0.20.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpsl5@0.20.2-2?arch=amd64&upstream=libpsl&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/librtmp1@2.4+20151223.gitfa8646d.1-2?arch=amd64&upstream=rtmpdump&distro=debian-10&package-id=29db333dac4810d3",
+ "publisher": "Debian Multimedia Maintainers ",
+ "name": "librtmp1",
+ "version": "2.4+20151223.gitfa8646d.1-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:librtmp1:librtmp1:2.4\\+20151223.gitfa8646d.1-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/librtmp1@2.4+20151223.gitfa8646d.1-2?arch=amd64&upstream=rtmpdump&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsasl2-2@2.1.27+dfsg-1+deb10u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-10&package-id=65bf8764cf5e5a05",
+ "publisher": "Debian Cyrus Team ",
+ "name": "libsasl2-2",
+ "version": "2.1.27+dfsg-1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsasl2-2:libsasl2-2:2.1.27\\+dfsg-1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsasl2-2@2.1.27+dfsg-1+deb10u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsasl2-modules-db@2.1.27+dfsg-1+deb10u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-10&package-id=e3fafef9649e8076",
+ "publisher": "Debian Cyrus Team ",
+ "name": "libsasl2-modules-db",
+ "version": "2.1.27+dfsg-1+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsasl2-modules-db:libsasl2-modules-db:2.1.27\\+dfsg-1\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsasl2-modules-db@2.1.27+dfsg-1+deb10u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libseccomp2@2.3.3-4?arch=amd64&upstream=libseccomp&distro=debian-10&package-id=b751700bd628a765",
+ "publisher": "Kees Cook ",
+ "name": "libseccomp2",
+ "version": "2.3.3-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libseccomp2:libseccomp2:2.3.3-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libseccomp2@2.3.3-4?arch=amd64&upstream=libseccomp&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libselinux1@2.8-1+b1?arch=amd64&upstream=libselinux%402.8-1&distro=debian-10&package-id=123a35c7043b0a0",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libselinux1",
+ "version": "2.8-1+b1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libselinux1:libselinux1:2.8-1\\+b1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libselinux1@2.8-1+b1?arch=amd64&upstream=libselinux%402.8-1&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsemanage-common@2.8-2?arch=all&upstream=libsemanage&distro=debian-10&package-id=720058c21890c44f",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsemanage-common",
+ "version": "2.8-2",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsemanage-common:libsemanage-common:2.8-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsemanage-common@2.8-2?arch=all&upstream=libsemanage&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsemanage1@2.8-2?arch=amd64&upstream=libsemanage&distro=debian-10&package-id=cd3c06cc7a1130a4",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsemanage1",
+ "version": "2.8-2",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsemanage1:libsemanage1:2.8-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsemanage1@2.8-2?arch=amd64&upstream=libsemanage&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsepol1@2.8-1?arch=amd64&upstream=libsepol&distro=debian-10&package-id=b33fd215afdc5714",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsepol1",
+ "version": "2.8-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsepol1:libsepol1:2.8-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsepol1@2.8-1?arch=amd64&upstream=libsepol&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsmartcols1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=fc03f42224a52138",
+ "publisher": "LaMont Jones ",
+ "name": "libsmartcols1",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsmartcols1:libsmartcols1:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsmartcols1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libssh2-1@1.8.0-2.1?arch=amd64&upstream=libssh2&distro=debian-10&package-id=e6614550b3c1af75",
+ "publisher": "Mikhail Gusarov ",
+ "name": "libssh2-1",
+ "version": "1.8.0-2.1",
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD3"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libssh2-1:libssh2-1:1.8.0-2.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libssh2-1@1.8.0-2.1?arch=amd64&upstream=libssh2&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?arch=amd64&upstream=openssl&distro=debian-10&package-id=d9b0754ac1e35c28",
+ "publisher": "Debian OpenSSL Team ",
+ "name": "libssl1.1",
+ "version": "1.1.1d-0+deb10u6",
+ "cpe": "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1d-0\\+deb10u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?arch=amd64&upstream=openssl&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libstdc++6@8.3.0-6?arch=amd64&upstream=gcc-8&distro=debian-10&package-id=d05459fba83fc410",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libstdc++6",
+ "version": "8.3.0-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:8.3.0-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libstdc++6@8.3.0-6?arch=amd64&upstream=gcc-8&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsystemd0@241-7~deb10u7?arch=amd64&upstream=systemd&distro=debian-10&package-id=a0b3dfe941eedc73",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "libsystemd0",
+ "version": "241-7~deb10u7",
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsystemd0:libsystemd0:241-7\\~deb10u7:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsystemd0@241-7~deb10u7?arch=amd64&upstream=systemd&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtasn1-6@4.13-3?arch=amd64&distro=debian-10&package-id=692d7710a71ec82b",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libtasn1-6",
+ "version": "4.13-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libtasn1-6:libtasn1-6:4.13-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtasn1-6@4.13-3?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtinfo6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10&package-id=9e8c05e586cbb968",
+ "publisher": "Craig Small ",
+ "name": "libtinfo6",
+ "version": "6.1+20181013-2+deb10u2",
+ "cpe": "cpe:2.3:a:libtinfo6:libtinfo6:6.1\\+20181013-2\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtinfo6@6.1+20181013-2+deb10u2?arch=amd64&upstream=ncurses&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libudev1@241-7~deb10u7?arch=amd64&upstream=systemd&distro=debian-10&package-id=b09ff6ad121b7d3",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "libudev1",
+ "version": "241-7~deb10u7",
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libudev1:libudev1:241-7\\~deb10u7:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libudev1@241-7~deb10u7?arch=amd64&upstream=systemd&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libunistring2@0.9.10-1?arch=amd64&upstream=libunistring&distro=debian-10&package-id=b394fd46c85f8bb7",
+ "publisher": "Jörg Frings-Fürst ",
+ "name": "libunistring2",
+ "version": "0.9.10-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "FreeSoftware"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GFDL-1.2+"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libunistring2:libunistring2:0.9.10-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libunistring2@0.9.10-1?arch=amd64&upstream=libunistring&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libuuid1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=69873dc165cbbd6e",
+ "publisher": "LaMont Jones ",
+ "name": "libuuid1",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libuuid1:libuuid1:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libuuid1@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libzstd1@1.3.8+dfsg-3+deb10u2?arch=amd64&upstream=libzstd&distro=debian-10&package-id=b90d64adc03a2a50",
+ "publisher": "Debian Med Packaging Team ",
+ "name": "libzstd1",
+ "version": "1.3.8+dfsg-3+deb10u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libzstd1:libzstd1:1.3.8\\+dfsg-3\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libzstd1@1.3.8+dfsg-3+deb10u2?arch=amd64&upstream=libzstd&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/login@1:4.5-1.1?arch=amd64&upstream=shadow&distro=debian-10&package-id=98839d2adee55b56",
+ "publisher": "Shadow package maintainers ",
+ "name": "login",
+ "version": "1:4.5-1.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:login:login:1\\:4.5-1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/login@1:4.5-1.1?arch=amd64&upstream=shadow&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/lsb-base@10.2019051400?arch=all&upstream=lsb&distro=debian-10&package-id=4986087322566df",
+ "publisher": "Debian LSB Team ",
+ "name": "lsb-base",
+ "version": "10.2019051400",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:lsb-base:lsb-base:10.2019051400:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/lsb-base@10.2019051400?arch=all&upstream=lsb&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/mawk@1.3.3-17+b3?arch=amd64&upstream=mawk%401.3.3-17&distro=debian-10&package-id=2aa71b5a2c22f638",
+ "publisher": "Steve Langasek ",
+ "name": "mawk",
+ "version": "1.3.3-17+b3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:mawk:mawk:1.3.3-17\\+b3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/mawk@1.3.3-17+b3?arch=amd64&upstream=mawk%401.3.3-17&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/mount@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10&package-id=d4b73315d7d26098",
+ "publisher": "LaMont Jones ",
+ "name": "mount",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:mount:mount:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/mount@2.33.1-0.1?arch=amd64&upstream=util-linux&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/ncurses-base@6.1+20181013-2+deb10u2?arch=all&upstream=ncurses&distro=debian-10&package-id=a9450a198d2ae455",
+ "publisher": "Craig Small ",
+ "name": "ncurses-base",
+ "version": "6.1+20181013-2+deb10u2",
+ "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.1\\+20181013-2\\+deb10u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/ncurses-base@6.1+20181013-2+deb10u2?arch=all&upstream=ncurses&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?arch=amd64&distro=debian-10&package-id=b87eb2b49275b6d9",
+ "publisher": "Debian OpenSSL Team ",
+ "name": "openssl",
+ "version": "1.1.1d-0+deb10u6",
+ "cpe": "cpe:2.3:a:openssl:openssl:1.1.1d-0\\+deb10u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/passwd@1:4.5-1.1?arch=amd64&upstream=shadow&distro=debian-10&package-id=6a37b96614be0ad8",
+ "publisher": "Shadow package maintainers ",
+ "name": "passwd",
+ "version": "1:4.5-1.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:passwd:passwd:1\\:4.5-1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/passwd@1:4.5-1.1?arch=amd64&upstream=shadow&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/perl-base@5.28.1-6+deb10u1?arch=amd64&upstream=perl&distro=debian-10&package-id=99c7261aa39b37e1",
+ "publisher": "Niko Tyni ",
+ "name": "perl-base",
+ "version": "5.28.1-6+deb10u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "Artistic-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Artistic-dist"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-clause-GENERIC"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-clause-with-weird-numbering"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-4-clause-POWERDOG"
+ }
+ },
+ {
+ "license": {
+ "name": "BZIP"
+ }
+ },
+ {
+ "license": {
+ "name": "DONT-CHANGE-THE-GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-1.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-3+-WITH-BISON-EXCEPTION"
+ }
+ },
+ {
+ "license": {
+ "name": "HSIEH-BSD"
+ }
+ },
+ {
+ "license": {
+ "name": "HSIEH-DERIVATIVE"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "name": "REGCOMP"
+ }
+ },
+ {
+ "license": {
+ "name": "REGCOMP,"
+ }
+ },
+ {
+ "license": {
+ "name": "RRA-KEEP-THIS-NOTICE"
+ }
+ },
+ {
+ "license": {
+ "name": "S2P"
+ }
+ },
+ {
+ "license": {
+ "name": "SDBM-PUBLIC-DOMAIN"
+ }
+ },
+ {
+ "license": {
+ "name": "TEXT-TABS"
+ }
+ },
+ {
+ "license": {
+ "name": "Unicode"
+ }
+ },
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:perl-base:perl-base:5.28.1-6\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/perl-base@5.28.1-6+deb10u1?arch=amd64&upstream=perl&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/procps@2:3.3.15-2?arch=amd64&distro=debian-10&package-id=ecd7f395d1b30af7",
+ "publisher": "Craig Small ",
+ "name": "procps",
+ "version": "2:3.3.15-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:procps:procps:2\\:3.3.15-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/procps@2:3.3.15-2?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/sed@4.7-1?arch=amd64&distro=debian-10&package-id=cd24b1a69c7b788a",
+ "publisher": "Clint Adams ",
+ "name": "sed",
+ "version": "4.7-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:sed:sed:4.7-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/sed@4.7-1?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/startpar@0.61-1?arch=amd64&distro=debian-10&package-id=bfa1cab592ae4a14",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "startpar",
+ "version": "0.61-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:startpar:startpar:0.61-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/startpar@0.61-1?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/sysv-rc@2.93-8?arch=all&upstream=sysvinit&distro=debian-10&package-id=ea0552f0f86929b5",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "sysv-rc",
+ "version": "2.93-8",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:sysv-rc:sysv-rc:2.93-8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/sysv-rc@2.93-8?arch=all&upstream=sysvinit&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/sysvinit-utils@2.93-8?arch=amd64&upstream=sysvinit&distro=debian-10&package-id=9762b89f96a3933c",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "sysvinit-utils",
+ "version": "2.93-8",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:sysvinit-utils:sysvinit-utils:2.93-8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/sysvinit-utils@2.93-8?arch=amd64&upstream=sysvinit&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/tar@1.30+dfsg-6?arch=amd64&distro=debian-10&package-id=c194088099b2a715",
+ "publisher": "Bdale Garbee ",
+ "name": "tar",
+ "version": "1.30+dfsg-6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:tar:tar:1.30\\+dfsg-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/tar@1.30+dfsg-6?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/tzdata@2021a-0+deb10u1?arch=all&distro=debian-10&package-id=382d46893fab7c54",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "tzdata",
+ "version": "2021a-0+deb10u1",
+ "cpe": "cpe:2.3:a:tzdata:tzdata:2021a-0\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/tzdata@2021a-0+deb10u1?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/util-linux@2.33.1-0.1?arch=amd64&distro=debian-10&package-id=cc8d30d3a3bc01b6",
+ "publisher": "LaMont Jones ",
+ "name": "util-linux",
+ "version": "2.33.1-0.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:util-linux:util-linux:2.33.1-0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/util-linux@2.33.1-0.1?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-1?arch=amd64&upstream=zlib&distro=debian-10&package-id=462eb7255c2bc918",
+ "publisher": "Mark Brown ",
+ "name": "zlib1g",
+ "version": "1:1.2.11.dfsg-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.11.dfsg-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-1?arch=amd64&upstream=zlib&distro=debian-10"
+ },
+ {
+ "type": "operating-system",
+ "name": "debian",
+ "version": "10",
+ "description": "Debian GNU/Linux 10 (buster)",
+ "swid": {
+ "tagId": "debian",
+ "name": "debian",
+ "version": "10"
+ },
+ "externalReferences": [
+ {
+ "url": "https://bugs.debian.org/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://www.debian.org/",
+ "type": "website"
+ },
+ {
+ "url": "https://www.debian.org/support",
+ "comment": "support",
+ "type": "other"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/adduser@3.118?arch=all&distro=debian-11&package-id=3e9282034226b93f",
+ "publisher": "Debian Adduser Developers ",
+ "name": "adduser",
+ "version": "3.118",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:adduser:adduser:3.118:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/adduser@3.118?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/apt@2.2.4?arch=amd64&distro=debian-11&package-id=1cce537379623b25",
+ "publisher": "APT Development Team ",
+ "name": "apt",
+ "version": "2.2.4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv2+"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:apt:apt:2.2.4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/apt@2.2.4?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/base-files@11.1+deb11u6?arch=amd64&distro=debian-11&package-id=3c26dd637259b397",
+ "publisher": "Santiago Vila ",
+ "name": "base-files",
+ "version": "11.1+deb11u6",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-files:base-files:11.1\\+deb11u6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/base-files@11.1+deb11u6?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/base-passwd@3.5.51?arch=amd64&distro=debian-11&package-id=7ae3e2ba2e10f31",
+ "publisher": "Colin Watson ",
+ "name": "base-passwd",
+ "version": "3.5.51",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-passwd:base-passwd:3.5.51:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/base-passwd@3.5.51?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/bash@5.1-2+deb11u1?arch=amd64&distro=debian-11&package-id=94b35b4f7d874a43",
+ "publisher": "Matthias Klose ",
+ "name": "bash",
+ "version": "5.1-2+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bash:bash:5.1-2\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/bash@5.1-2+deb11u1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/bsdutils@1:2.36.1-8+deb11u1?arch=amd64&upstream=util-linux%402.36.1-8+deb11u1&distro=debian-11&package-id=677e6ace24dce684",
+ "publisher": "util-linux packagers ",
+ "name": "bsdutils",
+ "version": "1:2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bsdutils:bsdutils:1\\:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/bsdutils@1:2.36.1-8+deb11u1?arch=amd64&upstream=util-linux%402.36.1-8+deb11u1&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/ca-certificates@20210119?arch=all&distro=debian-11&package-id=6b7e2b0745c43628",
+ "publisher": "Julien Cristau ",
+ "name": "ca-certificates",
+ "version": "20210119",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:ca-certificates:ca-certificates:20210119:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/ca-certificates@20210119?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/coreutils@8.32-4+b1?arch=amd64&upstream=coreutils%408.32-4&distro=debian-11&package-id=65bac153c492b66e",
+ "publisher": "Michael Stone ",
+ "name": "coreutils",
+ "version": "8.32-4+b1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:coreutils:coreutils:8.32-4\\+b1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/coreutils@8.32-4+b1?arch=amd64&upstream=coreutils%408.32-4&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/curl@7.74.0-1.3+deb11u7?arch=amd64&distro=debian-11&package-id=cfa0e9d1620ffa4d",
+ "publisher": "Alessandro Ghedini ",
+ "name": "curl",
+ "version": "7.74.0-1.3+deb11u7",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "curl"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:curl:curl:7.74.0-1.3\\+deb11u7:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/curl@7.74.0-1.3+deb11u7?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/dash@0.5.11+git20200708+dd9ef66-5?arch=amd64&distro=debian-11&package-id=19db7775ce4c27be",
+ "publisher": "Andrej Shadura ",
+ "name": "dash",
+ "version": "0.5.11+git20200708+dd9ef66-5",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "FSFUL"
+ }
+ },
+ {
+ "license": {
+ "id": "FSFULLR"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:dash:dash:0.5.11\\+git20200708\\+dd9ef66-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/dash@0.5.11+git20200708+dd9ef66-5?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debconf@1.5.77?arch=all&distro=debian-11&package-id=99525df5637687bd",
+ "publisher": "Debconf Developers ",
+ "name": "debconf",
+ "version": "1.5.77",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debconf:debconf:1.5.77:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debconf@1.5.77?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debian-archive-keyring@2021.1.1?arch=all&distro=debian-11&package-id=f7fcb44a58e72708",
+ "publisher": "Debian Release Team ",
+ "name": "debian-archive-keyring",
+ "version": "2021.1.1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debian-archive-keyring:debian-archive-keyring:2021.1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debian-archive-keyring@2021.1.1?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/debianutils@4.11.2?arch=amd64&distro=debian-11&package-id=4cd4f150dae8c295",
+ "publisher": "Clint Adams ",
+ "name": "debianutils",
+ "version": "4.11.2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:debianutils:debianutils:4.11.2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/debianutils@4.11.2?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/diffutils@1:3.7-5?arch=amd64&distro=debian-11&package-id=9133f9a320bf77e1",
+ "publisher": "Santiago Vila ",
+ "name": "diffutils",
+ "version": "1:3.7-5",
+ "licenses": [
+ {
+ "license": {
+ "name": "GFDL"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:diffutils:diffutils:1\\:3.7-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/diffutils@1:3.7-5?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/dirmngr@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=51dda820ce87a9d6",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "dirmngr",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:dirmngr:dirmngr:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/dirmngr@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/dpkg@1.20.12?arch=amd64&distro=debian-11&package-id=3dbbad249b74a866",
+ "publisher": "Dpkg Developers ",
+ "name": "dpkg",
+ "version": "1.20.12",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain-md5"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain-s-s-d"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:dpkg:dpkg:1.20.12:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/dpkg@1.20.12?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/e2fsprogs@1.46.2-2?arch=amd64&distro=debian-11&package-id=7c4baa682137e759",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "e2fsprogs",
+ "version": "1.46.2-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:e2fsprogs:e2fsprogs:1.46.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/e2fsprogs@1.46.2-2?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/findutils@4.8.0-1?arch=amd64&distro=debian-11&package-id=b503e3d45616f33c",
+ "publisher": "Andreas Metzler ",
+ "name": "findutils",
+ "version": "4.8.0-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:findutils:findutils:4.8.0-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/findutils@4.8.0-1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gcc-10-base@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11&package-id=742204f033ae5a1e",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "gcc-10-base",
+ "version": "10.2.1-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gcc-10-base:gcc-10-base:10.2.1-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gcc-10-base@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gcc-9-base@9.3.0-22?arch=amd64&upstream=gcc-9&distro=debian-11&package-id=57c0768e353bbfc8",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "gcc-9-base",
+ "version": "9.3.0-22",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gcc-9-base:gcc-9-base:9.3.0-22:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gcc-9-base@9.3.0-22?arch=amd64&upstream=gcc-9&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gnupg@2.2.27-2+deb11u2?arch=all&upstream=gnupg2&distro=debian-11&package-id=2fa645d733f4fb20",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gnupg",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gnupg:gnupg:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gnupg@2.2.27-2+deb11u2?arch=all&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gnupg-l10n@2.2.27-2+deb11u2?arch=all&upstream=gnupg2&distro=debian-11&package-id=1c8761869d3138a2",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gnupg-l10n",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gnupg-l10n:gnupg-l10n:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gnupg-l10n@2.2.27-2+deb11u2?arch=all&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gnupg-utils@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=d594c552b6ca1112",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gnupg-utils",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gnupg-utils:gnupg-utils:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gnupg-utils@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpg@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=182fe2545483a689",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpg",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpg:gpg:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpg@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpg-agent@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=af8333b079fd696",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpg-agent",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpg-agent:gpg-agent:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpg-agent@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpg-wks-client@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=7e338b8ee49ad1b2",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpg-wks-client",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpg-wks-client:gpg-wks-client:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpg-wks-client@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpg-wks-server@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=d8d521443f75f35a",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpg-wks-server",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpg-wks-server:gpg-wks-server:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpg-wks-server@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpgconf@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=eb729dbb773068e5",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpgconf",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpgconf:gpgconf:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpgconf@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpgsm@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=1ff09262bf4b65d9",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpgsm",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpgsm:gpgsm:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpgsm@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gpgv@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11&package-id=b6346590c45ba7ab",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "gpgv",
+ "version": "2.2.27-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "RFC-Reference"
+ }
+ },
+ {
+ "license": {
+ "name": "TinySCHEME"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gpgv:gpgv:2.2.27-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gpgv@2.2.27-2+deb11u2?arch=amd64&upstream=gnupg2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/grep@3.6-1?arch=amd64&distro=debian-11&package-id=9ed140c6f7959d",
+ "publisher": "Anibal Monsalve Salazar ",
+ "name": "grep",
+ "version": "3.6-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:grep:grep:3.6-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/grep@3.6-1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/gzip@1.10-4+deb11u1?arch=amd64&distro=debian-11&package-id=ade955af6710751d",
+ "publisher": "Milan Kupcevic ",
+ "name": "gzip",
+ "version": "1.10-4+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "FSF-manpages"
+ }
+ },
+ {
+ "license": {
+ "name": "GFDL-1.3+-no-invariant"
+ }
+ },
+ {
+ "license": {
+ "name": "GFDL-3"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:gzip:gzip:1.10-4\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/gzip@1.10-4+deb11u1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/hostname@3.23?arch=amd64&distro=debian-11&package-id=fec906d1ab1d9712",
+ "publisher": "Michael Meskes ",
+ "name": "hostname",
+ "version": "3.23",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:hostname:hostname:3.23:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/hostname@3.23?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/influxdb@1.8.10-1?arch=amd64&distro=debian-11&package-id=668a12601e14b1ae",
+ "publisher": "support@influxdb.com",
+ "name": "influxdb",
+ "version": "1.8.10-1",
+ "cpe": "cpe:2.3:a:influxdb:influxdb:1.8.10-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/influxdb@1.8.10-1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/init-system-helpers@1.60?arch=all&distro=debian-11&package-id=9853db6c4e48777f",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "init-system-helpers",
+ "version": "1.60",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:init-system-helpers:init-system-helpers:1.60:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/init-system-helpers@1.60?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libacl1@2.2.53-10?arch=amd64&upstream=acl&distro=debian-11&package-id=e26fd10cf6ff246",
+ "publisher": "Guillem Jover ",
+ "name": "libacl1",
+ "version": "2.2.53-10",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libacl1:libacl1:2.2.53-10:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libacl1@2.2.53-10?arch=amd64&upstream=acl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libapt-pkg6.0@2.2.4?arch=amd64&upstream=apt&distro=debian-11&package-id=da442f0998cccf2b",
+ "publisher": "APT Development Team ",
+ "name": "libapt-pkg6.0",
+ "version": "2.2.4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv2+"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libapt-pkg6.0:libapt-pkg6.0:2.2.4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libapt-pkg6.0@2.2.4?arch=amd64&upstream=apt&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libassuan0@2.5.3-7.1?arch=amd64&upstream=libassuan&distro=debian-11&package-id=6de2e25825b06a93",
+ "publisher": "Debian GnuPG-Maintainers ",
+ "name": "libassuan0",
+ "version": "2.5.3-7.1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GAP"
+ }
+ },
+ {
+ "license": {
+ "name": "GAP~FSF"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libassuan0:libassuan0:2.5.3-7.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libassuan0@2.5.3-7.1?arch=amd64&upstream=libassuan&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libattr1@1:2.4.48-6?arch=amd64&upstream=attr&distro=debian-11&package-id=254a97dd16e20391",
+ "publisher": "Guillem Jover ",
+ "name": "libattr1",
+ "version": "1:2.4.48-6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libattr1:libattr1:1\\:2.4.48-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libattr1@1:2.4.48-6?arch=amd64&upstream=attr&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libaudit-common@1:3.0-2?arch=all&upstream=audit&distro=debian-11&package-id=e666dc18886f28ff",
+ "publisher": "Laurent Bigonville ",
+ "name": "libaudit-common",
+ "version": "1:3.0-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libaudit-common:libaudit-common:1\\:3.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libaudit-common@1:3.0-2?arch=all&upstream=audit&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libaudit1@1:3.0-2?arch=amd64&upstream=audit&distro=debian-11&package-id=ae77fe6c43b7188d",
+ "publisher": "Laurent Bigonville ",
+ "name": "libaudit1",
+ "version": "1:3.0-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libaudit1:libaudit1:1\\:3.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libaudit1@1:3.0-2?arch=amd64&upstream=audit&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libblkid1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11&package-id=f235c9c5cb7b4190",
+ "publisher": "util-linux packagers ",
+ "name": "libblkid1",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libblkid1:libblkid1:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libblkid1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libbrotli1@1.0.9-2+b2?arch=amd64&upstream=brotli%401.0.9-2&distro=debian-11&package-id=56558463e048d713",
+ "publisher": "Tomasz Buchert ",
+ "name": "libbrotli1",
+ "version": "1.0.9-2+b2",
+ "licenses": [
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libbrotli1:libbrotli1:1.0.9-2\\+b2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libbrotli1@1.0.9-2+b2?arch=amd64&upstream=brotli%401.0.9-2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libbz2-1.0@1.0.8-4?arch=amd64&upstream=bzip2&distro=debian-11&package-id=120fe415369d1784",
+ "publisher": "Anibal Monsalve Salazar ",
+ "name": "libbz2-1.0",
+ "version": "1.0.8-4",
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-variant"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libbz2-1.0:libbz2-1.0:1.0.8-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libbz2-1.0@1.0.8-4?arch=amd64&upstream=bzip2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libc-bin@2.31-13+deb11u5?arch=amd64&upstream=glibc&distro=debian-11&package-id=228ff11572a24b74",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "libc-bin",
+ "version": "2.31-13+deb11u5",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libc-bin:libc-bin:2.31-13\\+deb11u5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libc-bin@2.31-13+deb11u5?arch=amd64&upstream=glibc&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libc6@2.31-13+deb11u5?arch=amd64&upstream=glibc&distro=debian-11&package-id=abe2c3f30be707e3",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "libc6",
+ "version": "2.31-13+deb11u5",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libc6:libc6:2.31-13\\+deb11u5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libc6@2.31-13+deb11u5?arch=amd64&upstream=glibc&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcap-ng0@0.7.9-2.2+b1?arch=amd64&upstream=libcap-ng%400.7.9-2.2&distro=debian-11&package-id=77d3f745010c245",
+ "publisher": "Pierre Chifflier ",
+ "name": "libcap-ng0",
+ "version": "0.7.9-2.2+b1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libcap-ng0:libcap-ng0:0.7.9-2.2\\+b1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcap-ng0@0.7.9-2.2+b1?arch=amd64&upstream=libcap-ng%400.7.9-2.2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcom-err2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11&package-id=c3e2285fd362b920",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "libcom-err2",
+ "version": "1.46.2-2",
+ "cpe": "cpe:2.3:a:libcom-err2:libcom-err2:1.46.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcom-err2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcrypt1@1:4.4.18-4?arch=amd64&upstream=libxcrypt&distro=debian-11&package-id=4d32f8aeb497b2e2",
+ "publisher": "Marco d'Itri ",
+ "name": "libcrypt1",
+ "version": "1:4.4.18-4",
+ "cpe": "cpe:2.3:a:libcrypt1:libcrypt1:1\\:4.4.18-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcrypt1@1:4.4.18-4?arch=amd64&upstream=libxcrypt&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libcurl4@7.74.0-1.3+deb11u7?arch=amd64&upstream=curl&distro=debian-11&package-id=5ca0f748c3f34f0",
+ "publisher": "Alessandro Ghedini ",
+ "name": "libcurl4",
+ "version": "7.74.0-1.3+deb11u7",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "curl"
+ }
+ },
+ {
+ "license": {
+ "name": "other"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libcurl4:libcurl4:7.74.0-1.3\\+deb11u7:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libcurl4@7.74.0-1.3+deb11u7?arch=amd64&upstream=curl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libdb5.3@5.3.28+dfsg1-0.8?arch=amd64&upstream=db5.3&distro=debian-11&package-id=bd40bf11043e04a6",
+ "publisher": "Debian Berkeley DB Team ",
+ "name": "libdb5.3",
+ "version": "5.3.28+dfsg1-0.8",
+ "cpe": "cpe:2.3:a:libdb5.3:libdb5.3:5.3.28\\+dfsg1-0.8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libdb5.3@5.3.28+dfsg1-0.8?arch=amd64&upstream=db5.3&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libdebconfclient0@0.260?arch=amd64&upstream=cdebconf&distro=debian-11&package-id=f46e6be545ae8a8c",
+ "publisher": "Debian Install System Team ",
+ "name": "libdebconfclient0",
+ "version": "0.260",
+ "cpe": "cpe:2.3:a:libdebconfclient0:libdebconfclient0:0.260:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libdebconfclient0@0.260?arch=amd64&upstream=cdebconf&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libext2fs2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11&package-id=78620e65fcd780c3",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "libext2fs2",
+ "version": "1.46.2-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libext2fs2:libext2fs2:1.46.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libext2fs2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libffi7@3.3-6?arch=amd64&upstream=libffi&distro=debian-11&package-id=b76aa1c712147c28",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libffi7",
+ "version": "3.3-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libffi7:libffi7:3.3-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libffi7@3.3-6?arch=amd64&upstream=libffi&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgcc-s1@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11&package-id=ddb4ba0153b59955",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libgcc-s1",
+ "version": "10.2.1-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgcc-s1:libgcc-s1:10.2.1-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgcc-s1@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgcrypt20@1.8.7-6?arch=amd64&distro=debian-11&package-id=7bc9b7389c934ca8",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libgcrypt20",
+ "version": "1.8.7-6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgcrypt20:libgcrypt20:1.8.7-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgcrypt20@1.8.7-6?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgmp10@2:6.2.1+dfsg-1+deb11u1?arch=amd64&upstream=gmp&distro=debian-11&package-id=b8566db47d8d4ddc",
+ "publisher": "Debian Science Team ",
+ "name": "libgmp10",
+ "version": "2:6.2.1+dfsg-1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgmp10:libgmp10:2\\:6.2.1\\+dfsg-1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgmp10@2:6.2.1+dfsg-1+deb11u1?arch=amd64&upstream=gmp&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgnutls30@3.7.1-5+deb11u3?arch=amd64&upstream=gnutls28&distro=debian-11&package-id=7a4a4d471a0c6aed",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libgnutls30",
+ "version": "3.7.1-5+deb11u3",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "CC0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv3+"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPLv2.1+"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPLv3+_or_GPLv2+"
+ }
+ },
+ {
+ "license": {
+ "name": "The"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgnutls30:libgnutls30:3.7.1-5\\+deb11u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgnutls30@3.7.1-5+deb11u3?arch=amd64&upstream=gnutls28&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgpg-error0@1.38-2?arch=amd64&upstream=libgpg-error&distro=debian-11&package-id=2391ec82a95e1b79",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "libgpg-error0",
+ "version": "1.38-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "g10-permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgpg-error0:libgpg-error0:1.38-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgpg-error0@1.38-2?arch=amd64&upstream=libgpg-error&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libgssapi-krb5-2@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11&package-id=3f685865c7e045c1",
+ "publisher": "Sam Hartman ",
+ "name": "libgssapi-krb5-2",
+ "version": "1.18.3-6+deb11u3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.18.3-6\\+deb11u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libgssapi-krb5-2@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libhogweed6@3.7.3-1?arch=amd64&upstream=nettle&distro=debian-11&package-id=5e22b39e8cb919f6",
+ "publisher": "Magnus Holmgren ",
+ "name": "libhogweed6",
+ "version": "3.7.3-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "name": "GAP"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libhogweed6:libhogweed6:3.7.3-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libhogweed6@3.7.3-1?arch=amd64&upstream=nettle&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libidn2-0@2.3.0-5?arch=amd64&upstream=libidn2&distro=debian-11&package-id=8eb1c8304ad48ef2",
+ "publisher": "Debian Libidn team ",
+ "name": "libidn2-0",
+ "version": "2.3.0-5",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "Unicode"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libidn2-0:libidn2-0:2.3.0-5:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libidn2-0@2.3.0-5?arch=amd64&upstream=libidn2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libk5crypto3@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11&package-id=ae9e3b8691722eba",
+ "publisher": "Sam Hartman ",
+ "name": "libk5crypto3",
+ "version": "1.18.3-6+deb11u3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libk5crypto3:libk5crypto3:1.18.3-6\\+deb11u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libk5crypto3@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkeyutils1@1.6.1-2?arch=amd64&upstream=keyutils&distro=debian-11&package-id=308487f5f23bf878",
+ "publisher": "Christian Kastner ",
+ "name": "libkeyutils1",
+ "version": "1.6.1-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkeyutils1:libkeyutils1:1.6.1-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkeyutils1@1.6.1-2?arch=amd64&upstream=keyutils&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkrb5-3@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11&package-id=8bdffe6652e8e7ef",
+ "publisher": "Sam Hartman ",
+ "name": "libkrb5-3",
+ "version": "1.18.3-6+deb11u3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkrb5-3:libkrb5-3:1.18.3-6\\+deb11u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkrb5-3@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libkrb5support0@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11&package-id=471e6243bbbcf8b2",
+ "publisher": "Sam Hartman ",
+ "name": "libkrb5support0",
+ "version": "1.18.3-6+deb11u3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libkrb5support0:libkrb5support0:1.18.3-6\\+deb11u3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libkrb5support0@1.18.3-6+deb11u3?arch=amd64&upstream=krb5&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libksba8@1.5.0-3+deb11u2?arch=amd64&upstream=libksba&distro=debian-11&package-id=5d2c888e571614c7",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libksba8",
+ "version": "1.5.0-3+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "FSFUL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libksba8:libksba8:1.5.0-3\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libksba8@1.5.0-3+deb11u2?arch=amd64&upstream=libksba&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libldap-2.4-2@2.4.57+dfsg-3+deb11u1?arch=amd64&upstream=openldap&distro=debian-11&package-id=796a192b709a2a2b",
+ "publisher": "Debian OpenLDAP Maintainers ",
+ "name": "libldap-2.4-2",
+ "version": "2.4.57+dfsg-3+deb11u1",
+ "cpe": "cpe:2.3:a:libldap-2.4-2:libldap-2.4-2:2.4.57\\+dfsg-3\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libldap-2.4-2@2.4.57+dfsg-3+deb11u1?arch=amd64&upstream=openldap&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/liblz4-1@1.9.3-2?arch=amd64&upstream=lz4&distro=debian-11&package-id=b59e208fb7f8bae4",
+ "publisher": "Nobuhiro Iwamatsu ",
+ "name": "liblz4-1",
+ "version": "1.9.3-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:liblz4-1:liblz4-1:1.9.3-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/liblz4-1@1.9.3-2?arch=amd64&upstream=lz4&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/liblzma5@5.2.5-2.1~deb11u1?arch=amd64&upstream=xz-utils&distro=debian-11&package-id=b95662a389d30c72",
+ "publisher": "Jonathan Nieder ",
+ "name": "liblzma5",
+ "version": "5.2.5-2.1~deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "Autoconf"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "PD"
+ }
+ },
+ {
+ "license": {
+ "name": "PD-debian"
+ }
+ },
+ {
+ "license": {
+ "name": "config-h"
+ }
+ },
+ {
+ "license": {
+ "name": "noderivs"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-fsf"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-nowarranty"
+ }
+ },
+ {
+ "license": {
+ "name": "probably-PD"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:liblzma5:liblzma5:5.2.5-2.1\\~deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/liblzma5@5.2.5-2.1~deb11u1?arch=amd64&upstream=xz-utils&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libmount1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11&package-id=afd0c3536366dc2c",
+ "publisher": "util-linux packagers ",
+ "name": "libmount1",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libmount1:libmount1:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libmount1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libncursesw6@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11&package-id=9eba19a6d4dcd7de",
+ "publisher": "Craig Small ",
+ "name": "libncursesw6",
+ "version": "6.2+20201114-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT/X11"
+ }
+ },
+ {
+ "license": {
+ "id": "X11"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libncursesw6:libncursesw6:6.2\\+20201114-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libncursesw6@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnettle8@3.7.3-1?arch=amd64&upstream=nettle&distro=debian-11&package-id=ceff94b390c9bf61",
+ "publisher": "Magnus Holmgren ",
+ "name": "libnettle8",
+ "version": "3.7.3-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "name": "GAP"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnettle8:libnettle8:3.7.3-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnettle8@3.7.3-1?arch=amd64&upstream=nettle&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnghttp2-14@1.43.0-1?arch=amd64&upstream=nghttp2&distro=debian-11&package-id=cfb81461ba0ee3f7",
+ "publisher": "Tomasz Buchert ",
+ "name": "libnghttp2-14",
+ "version": "1.43.0-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "SIL-OFL-1.1"
+ }
+ },
+ {
+ "license": {
+ "name": "all-permissive"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnghttp2-14:libnghttp2-14:1.43.0-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnghttp2-14@1.43.0-1?arch=amd64&upstream=nghttp2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnpth0@1.6-3?arch=amd64&upstream=npth&distro=debian-11&package-id=8f1b99f450f7926c",
+ "publisher": "Eric Dorland ",
+ "name": "libnpth0",
+ "version": "1.6-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnpth0:libnpth0:1.6-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnpth0@1.6-3?arch=amd64&upstream=npth&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libnsl2@1.3.0-2?arch=amd64&upstream=libnsl&distro=debian-11&package-id=fc8ac2f1807436d9",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "libnsl2",
+ "version": "1.3.0-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-2+-autoconf-exception"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-2+-libtool-exception"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-3+-autoconf-exception"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-autoconf-m4"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-autoconf-m4-no-warranty"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-configure"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-fsf"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-makefile-in"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libnsl2:libnsl2:1.3.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libnsl2@1.3.0-2?arch=amd64&upstream=libnsl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libp11-kit0@0.23.22-1?arch=amd64&upstream=p11-kit&distro=debian-11&package-id=a2ce6d1eb48ab956",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libp11-kit0",
+ "version": "0.23.22-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "name": "ISC+IBM"
+ }
+ },
+ {
+ "license": {
+ "name": "permissive-like-automake-output"
+ }
+ },
+ {
+ "license": {
+ "name": "same-as-rest-of-p11kit"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libp11-kit0:libp11-kit0:0.23.22-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libp11-kit0@0.23.22-1?arch=amd64&upstream=p11-kit&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-modules@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11&package-id=903eac5974d73705",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-modules",
+ "version": "1.4.0-9+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-modules:libpam-modules:1.4.0-9\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-modules@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-modules-bin@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11&package-id=2dc3f20bb97e020d",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-modules-bin",
+ "version": "1.4.0-9+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-modules-bin:libpam-modules-bin:1.4.0-9\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-modules-bin@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam-runtime@1.4.0-9+deb11u1?arch=all&upstream=pam&distro=debian-11&package-id=1238d07342abe7a3",
+ "publisher": "Steve Langasek ",
+ "name": "libpam-runtime",
+ "version": "1.4.0-9+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam-runtime:libpam-runtime:1.4.0-9\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam-runtime@1.4.0-9+deb11u1?arch=all&upstream=pam&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpam0g@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11&package-id=70917c5424d601fa",
+ "publisher": "Steve Langasek ",
+ "name": "libpam0g",
+ "version": "1.4.0-9+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpam0g:libpam0g:1.4.0-9\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpam0g@1.4.0-9+deb11u1?arch=amd64&upstream=pam&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpcre2-8-0@10.36-2+deb11u1?arch=amd64&upstream=pcre2&distro=debian-11&package-id=5d07d7ec308f6bb2",
+ "publisher": "Matthew Vernon ",
+ "name": "libpcre2-8-0",
+ "version": "10.36-2+deb11u1",
+ "cpe": "cpe:2.3:a:libpcre2-8-0:libpcre2-8-0:10.36-2\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpcre2-8-0@10.36-2+deb11u1?arch=amd64&upstream=pcre2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpcre3@2:8.39-13?arch=amd64&upstream=pcre3&distro=debian-11&package-id=1c1641a0882b431f",
+ "publisher": "Matthew Vernon ",
+ "name": "libpcre3",
+ "version": "2:8.39-13",
+ "cpe": "cpe:2.3:a:libpcre3:libpcre3:2\\:8.39-13:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpcre3@2:8.39-13?arch=amd64&upstream=pcre3&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libpsl5@0.21.0-1.2?arch=amd64&upstream=libpsl&distro=debian-11&package-id=3409718c91a2d222",
+ "publisher": "Tim Rühsen ",
+ "name": "libpsl5",
+ "version": "0.21.0-1.2",
+ "licenses": [
+ {
+ "license": {
+ "name": "Chromium"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libpsl5:libpsl5:0.21.0-1.2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libpsl5@0.21.0-1.2?arch=amd64&upstream=libpsl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libreadline8@8.1-1?arch=amd64&upstream=readline&distro=debian-11&package-id=348793ec2b579ee6",
+ "publisher": "Matthias Klose ",
+ "name": "libreadline8",
+ "version": "8.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GFDL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libreadline8:libreadline8:8.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libreadline8@8.1-1?arch=amd64&upstream=readline&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/librtmp1@2.4+20151223.gitfa8646d.1-2+b2?arch=amd64&upstream=rtmpdump%402.4+20151223.gitfa8646d.1-2&distro=debian-11&package-id=4f5f3212d3812c5d",
+ "publisher": "Debian Multimedia Maintainers ",
+ "name": "librtmp1",
+ "version": "2.4+20151223.gitfa8646d.1-2+b2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:librtmp1:librtmp1:2.4\\+20151223.gitfa8646d.1-2\\+b2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/librtmp1@2.4+20151223.gitfa8646d.1-2+b2?arch=amd64&upstream=rtmpdump%402.4+20151223.gitfa8646d.1-2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsasl2-2@2.1.27+dfsg-2.1+deb11u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-11&package-id=77ea74a82c5fc951",
+ "publisher": "Debian Cyrus Team ",
+ "name": "libsasl2-2",
+ "version": "2.1.27+dfsg-2.1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsasl2-2:libsasl2-2:2.1.27\\+dfsg-2.1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsasl2-2@2.1.27+dfsg-2.1+deb11u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-11&package-id=1e10a1d2edb3e77a",
+ "publisher": "Debian Cyrus Team ",
+ "name": "libsasl2-modules-db",
+ "version": "2.1.27+dfsg-2.1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsasl2-modules-db:libsasl2-modules-db:2.1.27\\+dfsg-2.1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1?arch=amd64&upstream=cyrus-sasl2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libseccomp2@2.5.1-1+deb11u1?arch=amd64&upstream=libseccomp&distro=debian-11&package-id=bb0878d1437830b4",
+ "publisher": "Kees Cook ",
+ "name": "libseccomp2",
+ "version": "2.5.1-1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libseccomp2:libseccomp2:2.5.1-1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libseccomp2@2.5.1-1+deb11u1?arch=amd64&upstream=libseccomp&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libselinux1@3.1-3?arch=amd64&upstream=libselinux&distro=debian-11&package-id=bb9d0a1adefb7931",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libselinux1",
+ "version": "3.1-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libselinux1:libselinux1:3.1-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libselinux1@3.1-3?arch=amd64&upstream=libselinux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsemanage-common@3.1-1?arch=all&upstream=libsemanage&distro=debian-11&package-id=f41fe741bd23f493",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsemanage-common",
+ "version": "3.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsemanage-common:libsemanage-common:3.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsemanage-common@3.1-1?arch=all&upstream=libsemanage&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsemanage1@3.1-1+b2?arch=amd64&upstream=libsemanage%403.1-1&distro=debian-11&package-id=fa4813c20a8027a6",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsemanage1",
+ "version": "3.1-1+b2",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsemanage1:libsemanage1:3.1-1\\+b2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsemanage1@3.1-1+b2?arch=amd64&upstream=libsemanage%403.1-1&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsepol1@3.1-1?arch=amd64&upstream=libsepol&distro=debian-11&package-id=cfa6f496d2fd049",
+ "publisher": "Debian SELinux maintainers ",
+ "name": "libsepol1",
+ "version": "3.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsepol1:libsepol1:3.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsepol1@3.1-1?arch=amd64&upstream=libsepol&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsmartcols1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11&package-id=cf3b22adc552a311",
+ "publisher": "util-linux packagers ",
+ "name": "libsmartcols1",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsmartcols1:libsmartcols1:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsmartcols1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsqlite3-0@3.34.1-3?arch=amd64&upstream=sqlite3&distro=debian-11&package-id=373ed1f8b8bffc03",
+ "publisher": "Laszlo Boszormenyi (GCS) ",
+ "name": "libsqlite3-0",
+ "version": "3.34.1-3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsqlite3-0:libsqlite3-0:3.34.1-3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsqlite3-0@3.34.1-3?arch=amd64&upstream=sqlite3&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libss2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11&package-id=4ba13b2c11cb0876",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "libss2",
+ "version": "1.46.2-2",
+ "cpe": "cpe:2.3:a:libss2:libss2:1.46.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libss2@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libssh2-1@1.9.0-2?arch=amd64&upstream=libssh2&distro=debian-11&package-id=7b11dbeecfce2854",
+ "publisher": "Nicolas Mora ",
+ "name": "libssh2-1",
+ "version": "1.9.0-2",
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD3"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libssh2-1:libssh2-1:1.9.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libssh2-1@1.9.0-2?arch=amd64&upstream=libssh2&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb11u4?arch=amd64&upstream=openssl&distro=debian-11&package-id=63a11d0164944054",
+ "publisher": "Debian OpenSSL Team ",
+ "name": "libssl1.1",
+ "version": "1.1.1n-0+deb11u4",
+ "cpe": "cpe:2.3:a:libssl1.1:libssl1.1:1.1.1n-0\\+deb11u4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb11u4?arch=amd64&upstream=openssl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libstdc++6@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11&package-id=748369630632944",
+ "publisher": "Debian GCC Maintainers ",
+ "name": "libstdc++6",
+ "version": "10.2.1-6",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libstdc\\+\\+6:libstdc\\+\\+6:10.2.1-6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libstdc++6@10.2.1-6?arch=amd64&upstream=gcc-10&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libsystemd0@247.3-7+deb11u1?arch=amd64&upstream=systemd&distro=debian-11&package-id=4c258dc3b086d634",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "libsystemd0",
+ "version": "247.3-7+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libsystemd0:libsystemd0:247.3-7\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libsystemd0@247.3-7+deb11u1?arch=amd64&upstream=systemd&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtasn1-6@4.16.0-2+deb11u1?arch=amd64&distro=debian-11&package-id=74865cf2744adb90",
+ "publisher": "Debian GnuTLS Maintainers ",
+ "name": "libtasn1-6",
+ "version": "4.16.0-2+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GFDL-1.3-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libtasn1-6:libtasn1-6:4.16.0-2\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtasn1-6@4.16.0-2+deb11u1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtinfo6@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11&package-id=9e96601b60336037",
+ "publisher": "Craig Small ",
+ "name": "libtinfo6",
+ "version": "6.2+20201114-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT/X11"
+ }
+ },
+ {
+ "license": {
+ "id": "X11"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libtinfo6:libtinfo6:6.2\\+20201114-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtinfo6@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtirpc-common@1.3.1-1+deb11u1?arch=all&upstream=libtirpc&distro=debian-11&package-id=3623a1ef0b5b63b9",
+ "publisher": "Josue Ortega ",
+ "name": "libtirpc-common",
+ "version": "1.3.1-1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libtirpc-common:libtirpc-common:1.3.1-1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtirpc-common@1.3.1-1+deb11u1?arch=all&upstream=libtirpc&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libtirpc3@1.3.1-1+deb11u1?arch=amd64&upstream=libtirpc&distro=debian-11&package-id=c7b97f0b9d21e851",
+ "publisher": "Josue Ortega ",
+ "name": "libtirpc3",
+ "version": "1.3.1-1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libtirpc3:libtirpc3:1.3.1-1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libtirpc3@1.3.1-1+deb11u1?arch=amd64&upstream=libtirpc&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libudev1@247.3-7+deb11u1?arch=amd64&upstream=systemd&distro=debian-11&package-id=79c718cff72e218e",
+ "publisher": "Debian systemd Maintainers ",
+ "name": "libudev1",
+ "version": "247.3-7+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "CC0-1.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libudev1:libudev1:247.3-7\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libudev1@247.3-7+deb11u1?arch=amd64&upstream=systemd&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libunistring2@0.9.10-4?arch=amd64&upstream=libunistring&distro=debian-11&package-id=dc7fcfc9dde2b703",
+ "publisher": "Jörg Frings-Fürst ",
+ "name": "libunistring2",
+ "version": "0.9.10-4",
+ "licenses": [
+ {
+ "license": {
+ "name": "FreeSoftware"
+ }
+ },
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GFDL-1.2+"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libunistring2:libunistring2:0.9.10-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libunistring2@0.9.10-4?arch=amd64&upstream=libunistring&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libuuid1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11&package-id=e87310d3e1426d6c",
+ "publisher": "util-linux packagers ",
+ "name": "libuuid1",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libuuid1:libuuid1:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libuuid1@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libxxhash0@0.8.0-2?arch=amd64&upstream=xxhash&distro=debian-11&package-id=edc71d7591d40133",
+ "publisher": "Norbert Preining ",
+ "name": "libxxhash0",
+ "version": "0.8.0-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libxxhash0:libxxhash0:0.8.0-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libxxhash0@0.8.0-2?arch=amd64&upstream=xxhash&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/libzstd1@1.4.8+dfsg-2.1?arch=amd64&upstream=libzstd&distro=debian-11&package-id=90e1680def07a674",
+ "publisher": "Debian Med Packaging Team ",
+ "name": "libzstd1",
+ "version": "1.4.8+dfsg-2.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:libzstd1:libzstd1:1.4.8\\+dfsg-2.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/libzstd1@1.4.8+dfsg-2.1?arch=amd64&upstream=libzstd&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/login@1:4.8.1-1?arch=amd64&upstream=shadow&distro=debian-11&package-id=9cdbb92ea69c08a1",
+ "publisher": "Shadow package maintainers ",
+ "name": "login",
+ "version": "1:4.8.1-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:login:login:1\\:4.8.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/login@1:4.8.1-1?arch=amd64&upstream=shadow&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/logsave@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11&package-id=77e8cce6db62952b",
+ "publisher": "Theodore Y. Ts'o ",
+ "name": "logsave",
+ "version": "1.46.2-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:logsave:logsave:1.46.2-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/logsave@1.46.2-2?arch=amd64&upstream=e2fsprogs&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/lsb-base@11.1.0?arch=all&upstream=lsb&distro=debian-11&package-id=67f43d818d5952cf",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "lsb-base",
+ "version": "11.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:lsb-base:lsb-base:11.1.0:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/lsb-base@11.1.0?arch=all&upstream=lsb&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/mawk@1.3.4.20200120-2?arch=amd64&distro=debian-11&package-id=b91e181aea759ff5",
+ "publisher": "Boyuan Yang ",
+ "name": "mawk",
+ "version": "1.3.4.20200120-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:mawk:mawk:1.3.4.20200120-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/mawk@1.3.4.20200120-2?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/mount@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11&package-id=c7ff86ae9a8937ca",
+ "publisher": "util-linux packagers ",
+ "name": "mount",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:mount:mount:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/mount@2.36.1-8+deb11u1?arch=amd64&upstream=util-linux&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/ncurses-base@6.2+20201114-2?arch=all&upstream=ncurses&distro=debian-11&package-id=9c2239a948284096",
+ "publisher": "Craig Small ",
+ "name": "ncurses-base",
+ "version": "6.2+20201114-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT/X11"
+ }
+ },
+ {
+ "license": {
+ "id": "X11"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:ncurses-base:ncurses-base:6.2\\+20201114-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/ncurses-base@6.2+20201114-2?arch=all&upstream=ncurses&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/ncurses-bin@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11&package-id=d98c3c34aac1c97c",
+ "publisher": "Craig Small ",
+ "name": "ncurses-bin",
+ "version": "6.2+20201114-2",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "MIT/X11"
+ }
+ },
+ {
+ "license": {
+ "id": "X11"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:ncurses-bin:ncurses-bin:6.2\\+20201114-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/ncurses-bin@6.2+20201114-2?arch=amd64&upstream=ncurses&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/netbase@6.3?arch=all&distro=debian-11&package-id=1632ba983c003dc3",
+ "publisher": "Marco d'Itri ",
+ "name": "netbase",
+ "version": "6.3",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:netbase:netbase:6.3:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/netbase@6.3?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/openssl@1.1.1n-0+deb11u4?arch=amd64&distro=debian-11&package-id=a7dc6e66845f14bf",
+ "publisher": "Debian OpenSSL Team ",
+ "name": "openssl",
+ "version": "1.1.1n-0+deb11u4",
+ "cpe": "cpe:2.3:a:openssl:openssl:1.1.1n-0\\+deb11u4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/openssl@1.1.1n-0+deb11u4?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/passwd@1:4.8.1-1?arch=amd64&upstream=shadow&distro=debian-11&package-id=fdca5992b8d73b50",
+ "publisher": "Shadow package maintainers ",
+ "name": "passwd",
+ "version": "1:4.8.1-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:passwd:passwd:1\\:4.8.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/passwd@1:4.8.1-1?arch=amd64&upstream=shadow&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/perl-base@5.32.1-4+deb11u2?arch=amd64&upstream=perl&distro=debian-11&package-id=96ea9246284c94e6",
+ "publisher": "Niko Tyni ",
+ "name": "perl-base",
+ "version": "5.32.1-4+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "name": "Artistic"
+ }
+ },
+ {
+ "license": {
+ "id": "Artistic-2.0"
+ }
+ },
+ {
+ "license": {
+ "name": "Artistic-dist"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-clause-GENERIC"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-3-clause-with-weird-numbering"
+ }
+ },
+ {
+ "license": {
+ "name": "BSD-4-clause-POWERDOG"
+ }
+ },
+ {
+ "license": {
+ "name": "BZIP"
+ }
+ },
+ {
+ "license": {
+ "name": "DONT-CHANGE-THE-GPL"
+ }
+ },
+ {
+ "license": {
+ "name": "Expat"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-1.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-1.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "GPL-3+-WITH-BISON-EXCEPTION"
+ }
+ },
+ {
+ "license": {
+ "name": "HSIEH-BSD"
+ }
+ },
+ {
+ "license": {
+ "name": "HSIEH-DERIVATIVE"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "name": "REGCOMP"
+ }
+ },
+ {
+ "license": {
+ "name": "REGCOMP,"
+ }
+ },
+ {
+ "license": {
+ "name": "RRA-KEEP-THIS-NOTICE"
+ }
+ },
+ {
+ "license": {
+ "name": "SDBM-PUBLIC-DOMAIN"
+ }
+ },
+ {
+ "license": {
+ "name": "TEXT-TABS"
+ }
+ },
+ {
+ "license": {
+ "name": "Unicode"
+ }
+ },
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:perl-base:perl-base:5.32.1-4\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/perl-base@5.32.1-4+deb11u2?arch=amd64&upstream=perl&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/pinentry-curses@1.1.0-4?arch=amd64&upstream=pinentry&distro=debian-11&package-id=97be8369853f993c",
+ "publisher": "Debian GnuPG Maintainers ",
+ "name": "pinentry-curses",
+ "version": "1.1.0-4",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "X11"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:pinentry-curses:pinentry-curses:1.1.0-4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/pinentry-curses@1.1.0-4?arch=amd64&upstream=pinentry&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/readline-common@8.1-1?arch=all&upstream=readline&distro=debian-11&package-id=1db616197859926a",
+ "publisher": "Matthias Klose ",
+ "name": "readline-common",
+ "version": "8.1-1",
+ "licenses": [
+ {
+ "license": {
+ "name": "GFDL"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:readline-common:readline-common:8.1-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/readline-common@8.1-1?arch=all&upstream=readline&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/sed@4.7-1?arch=amd64&distro=debian-11&package-id=cd24b1a69c7b788a",
+ "publisher": "Clint Adams ",
+ "name": "sed",
+ "version": "4.7-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:sed:sed:4.7-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/sed@4.7-1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/sysvinit-utils@2.96-7+deb11u1?arch=amd64&upstream=sysvinit&distro=debian-11&package-id=e0e95f2e10cb825e",
+ "publisher": "Debian sysvinit maintainers ",
+ "name": "sysvinit-utils",
+ "version": "2.96-7+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:sysvinit-utils:sysvinit-utils:2.96-7\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/sysvinit-utils@2.96-7+deb11u1?arch=amd64&upstream=sysvinit&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/tar@1.34+dfsg-1?arch=amd64&distro=debian-11&package-id=9511efaff0991270",
+ "publisher": "Janos Lenart ",
+ "name": "tar",
+ "version": "1.34+dfsg-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:tar:tar:1.34\\+dfsg-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/tar@1.34+dfsg-1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/tzdata@2021a-1+deb11u9?arch=all&distro=debian-11&package-id=5268162de7a3ef0",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "tzdata",
+ "version": "2021a-1+deb11u9",
+ "cpe": "cpe:2.3:a:tzdata:tzdata:2021a-1\\+deb11u9:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/tzdata@2021a-1+deb11u9?arch=all&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/util-linux@2.36.1-8+deb11u1?arch=amd64&distro=debian-11&package-id=b8c872368f65d4a3",
+ "publisher": "util-linux packagers ",
+ "name": "util-linux",
+ "version": "2.36.1-8+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:util-linux:util-linux:2.36.1-8\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/util-linux@2.36.1-8+deb11u1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/wget@1.21-1+deb11u1?arch=amd64&distro=debian-11&package-id=a1c9b0706dcf6d72",
+ "publisher": "Noël Köthe ",
+ "name": "wget",
+ "version": "1.21-1+deb11u1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GFDL-1.2-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:wget:wget:1.21-1\\+deb11u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/wget@1.21-1+deb11u1?arch=amd64&distro=debian-11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-2+deb11u2?arch=amd64&upstream=zlib&distro=debian-11&package-id=369e996115240b62",
+ "publisher": "Mark Brown ",
+ "name": "zlib1g",
+ "version": "1:1.2.11.dfsg-2+deb11u2",
+ "licenses": [
+ {
+ "license": {
+ "id": "Zlib"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.11.dfsg-2\\+deb11u2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-2+deb11u2?arch=amd64&upstream=zlib&distro=debian-11"
+ },
+ {
+ "type": "operating-system",
+ "name": "debian",
+ "version": "11",
+ "description": "Debian GNU/Linux 11 (bullseye)",
+ "swid": {
+ "tagId": "debian",
+ "name": "debian",
+ "version": "11"
+ },
+ "externalReferences": [
+ {
+ "url": "https://bugs.debian.org/",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://www.debian.org/",
+ "type": "website"
+ },
+ {
+ "url": "https://www.debian.org/support",
+ "comment": "support",
+ "type": "other"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/base-files@10.3+deb10u9?arch=amd64&distro=debian-10&package-id=5aa6e4929bf16696",
+ "publisher": "Santiago Vila ",
+ "name": "base-files",
+ "version": "10.3+deb10u9",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-files:base-files:10.3\\+deb10u9:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/base-files@10.3+deb10u9?arch=amd64&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/beorn7/perks@v1.0.1?package-id=cc00b9c8d0ce31ed",
+ "name": "github.com/beorn7/perks",
+ "version": "v1.0.1",
+ "cpe": "cpe:2.3:a:beorn7:perks:v1.0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/beorn7/perks@v1.0.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/blang/semver@v3.5.1+incompatible?package-id=2dbc1b01df867a6a",
+ "name": "github.com/blang/semver",
+ "version": "v3.5.1+incompatible",
+ "cpe": "cpe:2.3:a:blang:semver:v3.5.1\\+incompatible:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/blang/semver@v3.5.1+incompatible"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.1?package-id=56c8a30e6ed8d12f",
+ "name": "github.com/cespare/xxhash/v2",
+ "version": "v2.1.1",
+ "cpe": "cpe:2.3:a:cespare:xxhash\\/v2:v2.1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/container-storage-interface/spec@v1.3.0?package-id=59b273222fc08721",
+ "name": "github.com/container-storage-interface/spec",
+ "version": "v1.3.0",
+ "cpe": "cpe:2.3:a:container-storage-interface:spec:v1.3.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/container-storage-interface/spec@v1.3.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/davecgh/go-spew@v1.1.1?package-id=54c8a26e96cd9177",
+ "name": "github.com/davecgh/go-spew",
+ "version": "v1.1.1",
+ "cpe": "cpe:2.3:a:davecgh:go-spew:v1.1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/davecgh/go-spew@v1.1.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/evanphx/json-patch@v4.9.0+incompatible?package-id=4d5067e77be15976",
+ "name": "github.com/evanphx/json-patch",
+ "version": "v4.9.0+incompatible",
+ "cpe": "cpe:2.3:a:evanphx:json-patch:v4.9.0\\+incompatible:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/evanphx/json-patch@v4.9.0+incompatible"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/go-logr/logr@v0.4.0?package-id=6ee9e381920d3d42",
+ "name": "github.com/go-logr/logr",
+ "version": "v0.4.0",
+ "cpe": "cpe:2.3:a:go-logr:logr:v0.4.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/go-logr/logr@v0.4.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/gogo/protobuf@v1.3.1?package-id=8c9abae50388b70b",
+ "name": "github.com/gogo/protobuf",
+ "version": "v1.3.1",
+ "cpe": "cpe:2.3:a:gogo:protobuf:v1.3.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/gogo/protobuf@v1.3.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/golang/groupcache@v0.0.0-20200121045136-8c9f03a8e57e?package-id=d8c82a79a4166105",
+ "name": "github.com/golang/groupcache",
+ "version": "v0.0.0-20200121045136-8c9f03a8e57e",
+ "cpe": "cpe:2.3:a:golang:groupcache:v0.0.0-20200121045136-8c9f03a8e57e:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/golang/groupcache@v0.0.0-20200121045136-8c9f03a8e57e"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/golang/protobuf@v1.4.3?package-id=e96e1ed4ea928c35",
+ "name": "github.com/golang/protobuf",
+ "version": "v1.4.3",
+ "cpe": "cpe:2.3:a:golang:protobuf:v1.4.3:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/golang/protobuf@v1.4.3"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/google/go-cmp@v0.5.4?package-id=7f6c51c43dbb5a29",
+ "name": "github.com/google/go-cmp",
+ "version": "v0.5.4",
+ "cpe": "cpe:2.3:a:google:go-cmp:v0.5.4:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/google/go-cmp@v0.5.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/google/gofuzz@v1.2.0?package-id=dba323a4fa86b9bf",
+ "name": "github.com/google/gofuzz",
+ "version": "v1.2.0",
+ "cpe": "cpe:2.3:a:google:gofuzz:v1.2.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/google/gofuzz@v1.2.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/google/uuid@v1.1.2?package-id=c78a08959676d86b",
+ "name": "github.com/google/uuid",
+ "version": "v1.1.2",
+ "cpe": "cpe:2.3:a:google:uuid:v1.1.2:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/google/uuid@v1.1.2"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/googleapis/gnostic@v0.5.3?package-id=58aceef74759b61e",
+ "name": "github.com/googleapis/gnostic",
+ "version": "v0.5.3",
+ "cpe": "cpe:2.3:a:googleapis:gnostic:v0.5.3:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/googleapis/gnostic@v0.5.3"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4?package-id=7000ab09d2435fd1",
+ "name": "github.com/hashicorp/golang-lru",
+ "version": "v0.5.4",
+ "cpe": "cpe:2.3:a:hashicorp:golang-lru:v0.5.4:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/imdario/mergo@v0.3.11?package-id=d43a6fa01161fac",
+ "name": "github.com/imdario/mergo",
+ "version": "v0.3.11",
+ "cpe": "cpe:2.3:a:imdario:mergo:v0.3.11:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/imdario/mergo@v0.3.11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/json-iterator/go@v1.1.10?package-id=25c6433399c83a83",
+ "name": "github.com/json-iterator/go",
+ "version": "v1.1.10",
+ "cpe": "cpe:2.3:a:json-iterator:go:v1.1.10:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/json-iterator/go@v1.1.10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/kubernetes-csi/csi-lib-utils@v0.9.0?package-id=808ebba8c41ebd2",
+ "name": "github.com/kubernetes-csi/csi-lib-utils",
+ "version": "v0.9.0",
+ "cpe": "cpe:2.3:a:kubernetes-csi:csi-lib-utils:v0.9.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/kubernetes-csi/csi-lib-utils@v0.9.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/kubernetes-csi/external-provisioner@(devel)?package-id=bf0d7487d10c658e",
+ "name": "github.com/kubernetes-csi/external-provisioner",
+ "version": "(devel)",
+ "cpe": "cpe:2.3:a:kubernetes-csi:external-provisioner:\\(devel\\):*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/kubernetes-csi/external-provisioner@(devel)"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/kubernetes-csi/external-snapshotter/client/v3@v3.0.0?package-id=502963f03c832faa",
+ "name": "github.com/kubernetes-csi/external-snapshotter/client/v3",
+ "version": "v3.0.0",
+ "cpe": "cpe:2.3:a:kubernetes-csi:external-snapshotter\\/client\\/v3:v3.0.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/kubernetes-csi/external-snapshotter/client/v3@v3.0.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369?package-id=73c6509bc13937d8",
+ "name": "github.com/matttproud/golang_protobuf_extensions",
+ "version": "v1.0.2-0.20181231171920-c182affec369",
+ "cpe": "cpe:2.3:a:matttproud:golang-protobuf-extensions:v1.0.2-0.20181231171920-c182affec369:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.2-0.20181231171920-c182affec369"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/miekg/dns@v1.1.35?package-id=df6cc70eaed9a153",
+ "name": "github.com/miekg/dns",
+ "version": "v1.1.35",
+ "cpe": "cpe:2.3:a:miekg:dns:v1.1.35:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/miekg/dns@v1.1.35"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd?package-id=8b4a083d7e787d16",
+ "name": "github.com/modern-go/concurrent",
+ "version": "v0.0.0-20180306012644-bacd9c7ef1dd",
+ "cpe": "cpe:2.3:a:modern-go:concurrent:v0.0.0-20180306012644-bacd9c7ef1dd:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/modern-go/reflect2@v1.0.1?package-id=44e874caefd7b533",
+ "name": "github.com/modern-go/reflect2",
+ "version": "v1.0.1",
+ "cpe": "cpe:2.3:a:modern-go:reflect2:v1.0.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/modern-go/reflect2@v1.0.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/pkg/errors@v0.9.1?package-id=3502236ee518305f",
+ "name": "github.com/pkg/errors",
+ "version": "v0.9.1",
+ "cpe": "cpe:2.3:a:pkg:errors:v0.9.1:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/pkg/errors@v0.9.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/prometheus/client_golang@v1.8.0?package-id=2759e7bbe91b3b19",
+ "name": "github.com/prometheus/client_golang",
+ "version": "v1.8.0",
+ "cpe": "cpe:2.3:a:prometheus:client-golang:v1.8.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/prometheus/client_golang@v1.8.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/prometheus/client_model@v0.2.0?package-id=87a7cd7b5b7b2e9c",
+ "name": "github.com/prometheus/client_model",
+ "version": "v0.2.0",
+ "cpe": "cpe:2.3:a:prometheus:client-model:v0.2.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/prometheus/client_model@v0.2.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/prometheus/common@v0.15.0?package-id=43259b2cf12c35e6",
+ "name": "github.com/prometheus/common",
+ "version": "v0.15.0",
+ "cpe": "cpe:2.3:a:prometheus:common:v0.15.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/prometheus/common@v0.15.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/prometheus/procfs@v0.2.0?package-id=1b61f1922fa92dce",
+ "name": "github.com/prometheus/procfs",
+ "version": "v0.2.0",
+ "cpe": "cpe:2.3:a:prometheus:procfs:v0.2.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/prometheus/procfs@v0.2.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/github.com/spf13/pflag@v1.0.5?package-id=a9dc68b5a7a5618a",
+ "name": "github.com/spf13/pflag",
+ "version": "v1.0.5",
+ "cpe": "cpe:2.3:a:spf13:pflag:v1.0.5:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/github.com/spf13/pflag@v1.0.5"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/crypto@v0.0.0-20201208171446-5f87f3452ae9?package-id=d6bedaa573a2fbdd",
+ "name": "golang.org/x/crypto",
+ "version": "v0.0.0-20201208171446-5f87f3452ae9",
+ "cpe": "cpe:2.3:a:golang:x\\/crypto:v0.0.0-20201208171446-5f87f3452ae9:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/crypto@v0.0.0-20201208171446-5f87f3452ae9"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/net@v0.0.0-20201209123823-ac852fbbde11?package-id=88c18788f0dd2cf5",
+ "name": "golang.org/x/net",
+ "version": "v0.0.0-20201209123823-ac852fbbde11",
+ "cpe": "cpe:2.3:a:golang:x\\/net:v0.0.0-20201209123823-ac852fbbde11:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/net@v0.0.0-20201209123823-ac852fbbde11"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/oauth2@v0.0.0-20201208152858-08078c50e5b5?package-id=29aca0a9e9f75509",
+ "name": "golang.org/x/oauth2",
+ "version": "v0.0.0-20201208152858-08078c50e5b5",
+ "cpe": "cpe:2.3:a:golang:x\\/oauth2:v0.0.0-20201208152858-08078c50e5b5:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/oauth2@v0.0.0-20201208152858-08078c50e5b5"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/sys@v0.0.0-20201214095126-aec9a390925b?package-id=f5e5e742ba0c32fc",
+ "name": "golang.org/x/sys",
+ "version": "v0.0.0-20201214095126-aec9a390925b",
+ "cpe": "cpe:2.3:a:golang:x\\/sys:v0.0.0-20201214095126-aec9a390925b:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/sys@v0.0.0-20201214095126-aec9a390925b"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/term@v0.0.0-20201210144234-2321bbc49cbf?package-id=4b6f181809660169",
+ "name": "golang.org/x/term",
+ "version": "v0.0.0-20201210144234-2321bbc49cbf",
+ "cpe": "cpe:2.3:a:golang:x\\/term:v0.0.0-20201210144234-2321bbc49cbf:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/term@v0.0.0-20201210144234-2321bbc49cbf"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/text@v0.3.4?package-id=b57979cfd8ce8a9f",
+ "name": "golang.org/x/text",
+ "version": "v0.3.4",
+ "cpe": "cpe:2.3:a:golang:x\\/text:v0.3.4:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/text@v0.3.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/golang.org/x/time@v0.0.0-20201208040808-7e3f01d25324?package-id=f921b3793b3ae1f8",
+ "name": "golang.org/x/time",
+ "version": "v0.0.0-20201208040808-7e3f01d25324",
+ "cpe": "cpe:2.3:a:golang:x\\/time:v0.0.0-20201208040808-7e3f01d25324:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/golang.org/x/time@v0.0.0-20201208040808-7e3f01d25324"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/google.golang.org/genproto@v0.0.0-20201211151036-40ec1c210f7a?package-id=8f890d9f31987220",
+ "name": "google.golang.org/genproto",
+ "version": "v0.0.0-20201211151036-40ec1c210f7a",
+ "cpe": "cpe:2.3:a:google:genproto:v0.0.0-20201211151036-40ec1c210f7a:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/google.golang.org/genproto@v0.0.0-20201211151036-40ec1c210f7a"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/google.golang.org/grpc@v1.34.0?package-id=dec51d98c24a5ac3",
+ "name": "google.golang.org/grpc",
+ "version": "v1.34.0",
+ "cpe": "cpe:2.3:a:google:grpc:v1.34.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/google.golang.org/grpc@v1.34.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/google.golang.org/protobuf@v1.25.0?package-id=6ee790d30fc8a19e",
+ "name": "google.golang.org/protobuf",
+ "version": "v1.25.0",
+ "cpe": "cpe:2.3:a:google:protobuf:v1.25.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/google.golang.org/protobuf@v1.25.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/gopkg.in/inf.v0@v0.9.1?package-id=ef83589b9205b744",
+ "name": "gopkg.in/inf.v0",
+ "version": "v0.9.1",
+ "purl": "pkg:golang/gopkg.in/inf.v0@v0.9.1"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/gopkg.in/yaml.v2@v2.4.0?package-id=4f65923f7eba7149",
+ "name": "gopkg.in/yaml.v2",
+ "version": "v2.4.0",
+ "purl": "pkg:golang/gopkg.in/yaml.v2@v2.4.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776?package-id=cff0559185b67bd1",
+ "name": "gopkg.in/yaml.v3",
+ "version": "v3.0.0-20200615113413-eeeca48fe776",
+ "purl": "pkg:golang/gopkg.in/yaml.v3@v3.0.0-20200615113413-eeeca48fe776"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/api@v0.20.4?package-id=8f70691277a1cc86",
+ "name": "k8s.io/api",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/api@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/apimachinery@v0.20.4?package-id=3155793d5e99e63f",
+ "name": "k8s.io/apimachinery",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/apimachinery@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/apiserver@v0.20.4?package-id=eb1e3d65012d348d",
+ "name": "k8s.io/apiserver",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/apiserver@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/client-go@v0.20.4?package-id=b1ffa8e19573600e",
+ "name": "k8s.io/client-go",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/client-go@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/component-base@v0.20.4?package-id=5483a6235a011212",
+ "name": "k8s.io/component-base",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/component-base@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/component-helpers@v0.20.4?package-id=23d332f3f6db6ab0",
+ "name": "k8s.io/component-helpers",
+ "version": "v0.20.4",
+ "purl": "pkg:golang/k8s.io/component-helpers@v0.20.4"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/csi-translation-lib@v0.21.0-alpha.3?package-id=3b3970e274503390",
+ "name": "k8s.io/csi-translation-lib",
+ "version": "v0.21.0-alpha.3",
+ "purl": "pkg:golang/k8s.io/csi-translation-lib@v0.21.0-alpha.3"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/klog/v2@v2.5.0?package-id=57df0240e9181489",
+ "name": "k8s.io/klog/v2",
+ "version": "v2.5.0",
+ "cpe": "cpe:2.3:a:klog:v2:v2.5.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/k8s.io/klog/v2@v2.5.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20201113171705-d219536bb9fd?package-id=2608e4c9d5c367be",
+ "name": "k8s.io/kube-openapi",
+ "version": "v0.0.0-20201113171705-d219536bb9fd",
+ "purl": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20201113171705-d219536bb9fd"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/k8s.io/utils@v0.0.0-20201110183641-67b214c5f920?package-id=c2f84cbbd900bfd8",
+ "name": "k8s.io/utils",
+ "version": "v0.0.0-20201110183641-67b214c5f920",
+ "purl": "pkg:golang/k8s.io/utils@v0.0.0-20201110183641-67b214c5f920"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/netbase@5.6?arch=all&distro=debian-10&package-id=b55e51dca4eba9a6",
+ "publisher": "Marco d'Itri ",
+ "name": "netbase",
+ "version": "5.6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:netbase:netbase:5.6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/netbase@5.6?arch=all&distro=debian-10"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/sigs.k8s.io/controller-runtime@v0.7.0?package-id=e4d65b1ab954f0e8",
+ "name": "sigs.k8s.io/controller-runtime",
+ "version": "v0.7.0",
+ "purl": "pkg:golang/sigs.k8s.io/controller-runtime@v0.7.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/sigs.k8s.io/sig-storage-lib-external-provisioner/v6@v6.3.0?package-id=a28ed5f781c23a96",
+ "name": "sigs.k8s.io/sig-storage-lib-external-provisioner/v6",
+ "version": "v6.3.0",
+ "cpe": "cpe:2.3:a:sig-storage-lib-external-provisioner:v6:v6.3.0:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/sigs.k8s.io/sig-storage-lib-external-provisioner/v6@v6.3.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.0.2?package-id=2d41a704ecf334e1",
+ "name": "sigs.k8s.io/structured-merge-diff/v4",
+ "version": "v4.0.2",
+ "cpe": "cpe:2.3:a:structured-merge-diff:v4:v4.0.2:*:*:*:*:*:*:*",
+ "purl": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.0.2"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:golang/sigs.k8s.io/yaml@v1.2.0?package-id=e165a82828172177",
+ "name": "sigs.k8s.io/yaml",
+ "version": "v1.2.0",
+ "purl": "pkg:golang/sigs.k8s.io/yaml@v1.2.0"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/debian/tzdata@2021a-0+deb10u1?arch=all&distro=debian-10&package-id=9e5b2198bbbd7fb0",
+ "publisher": "GNU Libc Maintainers ",
+ "name": "tzdata",
+ "version": "2021a-0+deb10u1",
+ "cpe": "cpe:2.3:a:tzdata:tzdata:2021a-0\\+deb10u1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/debian/tzdata@2021a-0+deb10u1?arch=all&distro=debian-10"
+ },
+ {
+ "type": "operating-system",
+ "name": "debian",
+ "version": "10",
+ "description": "Distroless",
+ "swid": {
+ "tagId": "debian",
+ "name": "debian",
+ "version": "10"
+ },
+ "externalReferences": [
+ {
+ "url": "https://github.com/GoogleContainerTools/distroless/issues/new",
+ "type": "issue-tracker"
+ },
+ {
+ "url": "https://github.com/GoogleContainerTools/distroless",
+ "type": "website"
+ },
+ {
+ "url": "https://github.com/GoogleContainerTools/distroless/blob/master/README.md",
+ "comment": "support",
+ "type": "other"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all&distro=ubuntu-20.04&package-id=69d1980477020fa3",
+ "publisher": "Ubuntu Core Developers ",
+ "name": "adduser",
+ "version": "3.118ubuntu2",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:adduser:adduser:3.118ubuntu2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/alsa-topology-conf@1.2.2-1?arch=all&distro=ubuntu-20.04&package-id=9bedfd9c57f4f85e",
+ "publisher": "Ubuntu Developers ",
+ "name": "alsa-topology-conf",
+ "version": "1.2.2-1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:alsa-topology-conf:alsa-topology-conf:1.2.2-1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/alsa-topology-conf@1.2.2-1?arch=all&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/alsa-ucm-conf@1.2.2-1ubuntu0.9?arch=all&distro=ubuntu-20.04&package-id=beddb81d6dea8f2",
+ "publisher": "Ubuntu Developers ",
+ "name": "alsa-ucm-conf",
+ "version": "1.2.2-1ubuntu0.9",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:alsa-ucm-conf:alsa-ucm-conf:1.2.2-1ubuntu0.9:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/alsa-ucm-conf@1.2.2-1ubuntu0.9?arch=all&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/apt@2.0.6?arch=amd64&distro=ubuntu-20.04&package-id=55988ea1c6f336e3",
+ "publisher": "Ubuntu Developers ",
+ "name": "apt",
+ "version": "2.0.6",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "GPLv2+"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:apt:apt:2.0.6:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/apt@2.0.6?arch=amd64&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/base-files@11ubuntu5.4?arch=amd64&distro=ubuntu-20.04&package-id=63c89c28c512e1db",
+ "publisher": "Ubuntu Developers ",
+ "name": "base-files",
+ "version": "11ubuntu5.4",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-files:base-files:11ubuntu5.4:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/base-files@11ubuntu5.4?arch=amd64&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64&distro=ubuntu-20.04&package-id=8b6e494dac6dab09",
+ "publisher": "Colin Watson ",
+ "name": "base-passwd",
+ "version": "3.5.47",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "name": "PD"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:base-passwd:base-passwd:3.5.47:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.1?arch=amd64&distro=ubuntu-20.04&package-id=e774a3e87113196b",
+ "publisher": "Ubuntu Developers ",
+ "name": "bash",
+ "version": "5.0-6ubuntu1.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bash:bash:5.0-6ubuntu1.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.1?arch=amd64&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bind9-dnsutils@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04&package-id=329a09dac9f80305",
+ "publisher": "Ubuntu Developers ",
+ "name": "bind9-dnsutils",
+ "version": "1:9.16.1-0ubuntu2.8",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bind9-dnsutils:bind9-dnsutils:1\\:9.16.1-0ubuntu2.8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bind9-dnsutils@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bind9-host@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04&package-id=e908a518aa52cb2f",
+ "publisher": "Ubuntu Developers ",
+ "name": "bind9-host",
+ "version": "1:9.16.1-0ubuntu2.8",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bind9-host:bind9-host:1\\:9.16.1-0ubuntu2.8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bind9-host@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bind9-libs@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04&package-id=c73106f3649b27ec",
+ "publisher": "Ubuntu Developers ",
+ "name": "bind9-libs",
+ "version": "1:9.16.1-0ubuntu2.8",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "ISC"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bind9-libs:bind9-libs:1\\:9.16.1-0ubuntu2.8:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bind9-libs@1:9.16.1-0ubuntu2.8?arch=amd64&upstream=bind9&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bsdutils@1:2.34-0.1ubuntu9.1?arch=amd64&upstream=util-linux%402.34-0.1ubuntu9.1&distro=ubuntu-20.04&package-id=20018d8de777eda9",
+ "publisher": "Ubuntu Developers ",
+ "name": "bsdutils",
+ "version": "1:2.34-0.1ubuntu9.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "BSD-2-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-3-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "BSD-4-Clause"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "name": "LGPL"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-2.1-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "LGPL-3.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MIT"
+ }
+ },
+ {
+ "license": {
+ "name": "public-domain"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bsdutils:bsdutils:1\\:2.34-0.1ubuntu9.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bsdutils@1:2.34-0.1ubuntu9.1?arch=amd64&upstream=util-linux%402.34-0.1ubuntu9.1&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64&distro=ubuntu-20.04&package-id=97dab883cac4c956",
+ "publisher": "Ubuntu Developers ",
+ "name": "bzip2",
+ "version": "1.0.8-2",
+ "licenses": [
+ {
+ "license": {
+ "name": "BSD-variant"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:bzip2:bzip2:1.0.8-2:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/ca-certificates@20210119~20.04.1?arch=all&distro=ubuntu-20.04&package-id=b34020e11d6f8983",
+ "publisher": "Ubuntu Developers ",
+ "name": "ca-certificates",
+ "version": "20210119~20.04.1",
+ "licenses": [
+ {
+ "license": {
+ "id": "GPL-2.0-only"
+ }
+ },
+ {
+ "license": {
+ "id": "GPL-2.0-or-later"
+ }
+ },
+ {
+ "license": {
+ "id": "MPL-2.0"
+ }
+ }
+ ],
+ "cpe": "cpe:2.3:a:ca-certificates:ca-certificates:20210119\\~20.04.1:*:*:*:*:*:*:*",
+ "purl": "pkg:deb/ubuntu/ca-certificates@20210119~20.04.1?arch=all&distro=ubuntu-20.04"
+ },
+ {
+ "type": "library",
+ "bom-ref": "pkg:deb/ubuntu/coreutils@8.30-3ubuntu2?arch=amd64&distro=ubuntu-20.04&package-id=f77283ee51e117fa",
+ "publisher": "Ubuntu Developers